More than 760 organizations, 20 percent of them Fortune 100 companies, may have been compromised by RSA’s now infamous data breach in March, 2011, according to a report on Krebsonsecurity.
Facebook, Google and Cisco Systems are just a few of the many organizations who were targets of malware using the same command and control (C&C) infrastructure as that used in the RSA attacks, according to the report, though critical information on how the data was compiled and its source were not provided.
Security professionals suspected those behind the SecurID attack victimized more organizations than just Northrop Grumman, L-3 Communications and Lockheed Martin, all who were named in press reports in the weeks following the attack. The latest round of names were shared with congressional staff from security experts in a series of ongoing meetings regarding advanced persistent threats (APTs) like the RSA attack, according to Brian Krebs of Krebsonsecurity.com.
In addition to prominent technology firms that are known to have been on the receiving end of sophisticated, targeted attacks, the list includes many prominent Internet Service Providers (ISPs), most likely because one or more of their subscribers were victims of the attack.
Additionally, Krebs asserts that it’s difficult to determine the extent and duration that some of these corporations were hit and whether or not any sensitive information was actually extracted by the attackers.
For the full list of companies targeted and more insight, make your way over to Krebsonsecurity.com.