Apple Clarifies Cyber Attacks Came From Eastern Europe and Not China

Apple's MacBook Pro | Official Website

Although previous reports may have suggested that the hackers who attacked Apple came from China, investigators now believe that the culprits are instead based in Eastern Europe. According to a report published by Bloomberg, the attacks on Apple, Facebook, Twitter and many others came from “an Eastern European gang of hackers that is trying to steal company secrets.”

Investigators suspect that the hackers are a criminal group based in Russia or Eastern Europe, and have tracked at least one server being used by the group to a hosting company in the Ukraine. Other evidence, including the malware used in the attack, also suggests it is the work of cyber criminals rather than state-sponsored espionage from China, two people familiar with the investigation said.

NYT: Linking Cyber Attacks to Chinese Army

The New York Times, on the other hand, had linked recent attacks on these companies to the Chinese Army. There were also claims that an “overwhelming percentage of attacks on American corporations, organizations and government agencies” stemmed from a People’s Liberation Army group known as “Unit 61398,” which is based on the outskirts of Shanghai.

However, Apple announced last Wednesday that some of its employees’ laptops were infected through a Java plug-in vulnerability. It was the same malware used against a number of companies, although Apple did not indicate its country of origin. As stated by the Cupertino-based company:

We identified a small number of systems within Apple that were infected and isolated them from our network. There is no evidence that any data left Apple. We are working closely with law enforcement to find the source of the malware.

Watering Hole Attack

It is believed that the attacks occurred through an iPhone developer community website, which was hosting the malware. The malicious code made its way onto Apple computers by exploiting a Java zero-day flaw. This method is called a “watering hole attack,” in which hackers compromise a popular website that many people visit and trust.

In response, Apple rolled out an update last Tuesday for all OS X users that fixes the bug and removes the Java Web applet.
