Microsoft Hacked by Same Cyberattack as Apple and Facebook

Microsoft admitted that it had been hacked the same way as Apple, Facebook and Twitter earlier this month. The company starts to investigate the source of the attacks.

Microsoft says it is still investigating how malicious software was planted on what it said were a small number of its computers. Photo: Rune Grothaug/Flickr

In its Security Response blog Microsoft Company has announced that it has suffered from hacking attack that was similar in nature to those experienced by Apple and Facebook recently.

Microsoft says that it had detected an intrusion to a small number of corporate machines, though it claims that customer data was once again unaffected.

“This type of cyberattack is no surprise to Microsoft and other companies that must grapple with determined and persistent adversaries,” said Matt Thomlinson, general manager of Trustworthy Computing Security at Microsoft, in the company’s blog post.

Actually such types of hacking became public earlier this month, when Twitter confirmed that it was hacked and up to 250k user accounts may have been compromised.

It continued with Facebook announcing that a Java exploit had been used to install Malware on employee computers.

Facebook said that the malware infected employee laptops even though they were running up to date antivirus software, and described the attack as “sophisticated”.

On February 19th, Apple reported that it a number of its machines had been infected via a malicious Java plugin and that sensitive customer data remained intact.

Apple and now Microsoft claim they are continuing to investigate the source of the attacks and take necessary measures to prevent future intrusions.

The attacks appear, according to sources close to the investigation, to have originated in eastern Europe, rather than China, where attacks targeting media companies like The New York Times and the Wall Street Journal came from, writes The Next Web.

The attacks come at a time of broader concern about computer security. Earlier this month U.S. President Barack Obama issued an executive order seeking better protection of the country’s critical infrastructure from cyber-attacks, says Reuters.

Describing the attack on Microsoft, Mr Thomlinson said: “As reported by Facebook and Apple, Microsoft can confirm that we also recently experienced a similar security intrusion.

“During our investigation, we found a small number of computers, including some in our Mac business unit, that were infected by malicious software using techniques similar to those documented by other organizations.

“We have no evidence of customer data being affected and our investigation is ongoing.”

The vector for these attacks was popular iOS development site iPhone Dev SDK.

The site, owned by Ian Sefferman, was used to host malicious code that exploited a ‘zero-day’ (previously unknown) Java hole to inject malware onto computers.

After the hacking incident, several reports pointed to the hackers’ goal being company secrets like upcoming products or perhaps even code used in apps that would allow them to inject their chosen malware into more devices.

“What we’ve learned is that it appears a single administrator account was compromised,” says Sefferman.

“The hackers used this account to modify our theme and inject JavaScript into our site. That JavaScript appears to have used a sophisticated, previously unknown exploit to hack into certain user’s computers.”

Earlier today, in what appears to be an unrelated incident, Microsoft Azure components went down worldwide, affecting many services including Xbox Live. The cause of that appears to be an expired security certificate.

Share this article

We welcome comments that advance the story directly or with relevant tangential information. We try to block comments that use offensive language, all capital letters or appear to be spam, and we review comments frequently to ensure they meet our standards. If you see a comment that you believe is irrelevant or inappropriate, you can flag it to our editors by using the report abuse links. Views expressed in the comments do not represent those of Coinspeaker Ltd.