In its Security Response blog Microsoft Company has announced that it has suffered from hacking attack that was similar in nature to those experienced by Apple and Facebook recently.
Microsoft says that it had detected an intrusion to a small number of corporate machines, though it claims that customer data was once again unaffected.
“This type of cyberattack is no surprise to Microsoft and other companies that must grapple with determined and persistent adversaries,” said Matt Thomlinson, general manager of Trustworthy Computing Security at Microsoft, in the company’s blog post.
Actually such types of hacking became public earlier this month, when Twitter confirmed that it was hacked and up to 250k user accounts may have been compromised.
It continued with Facebook announcing that a Java exploit had been used to install Malware on employee computers.
Facebook said that the malware infected employee laptops even though they were running up to date antivirus software, and described the attack as “sophisticated”.
On February 19th, Apple reported that it a number of its machines had been infected via a malicious Java plugin and that sensitive customer data remained intact.
Apple and now Microsoft claim they are continuing to investigate the source of the attacks and take necessary measures to prevent future intrusions.
The attacks appear, according to sources close to the investigation, to have originated in eastern Europe, rather than China, where attacks targeting media companies like The New York Times and the Wall Street Journal came from, writes The Next Web.
The attacks come at a time of broader concern about computer security. Earlier this month U.S. President Barack Obama issued an executive order seeking better protection of the country’s critical infrastructure from cyber-attacks, says Reuters.
Describing the attack on Microsoft, Mr Thomlinson said: “As reported by Facebook and Apple, Microsoft can confirm that we also recently experienced a similar security intrusion.
“During our investigation, we found a small number of computers, including some in our Mac business unit, that were infected by malicious software using techniques similar to those documented by other organizations.
“We have no evidence of customer data being affected and our investigation is ongoing.”
The vector for these attacks was popular iOS development site iPhone Dev SDK.
The site, owned by Ian Sefferman, was used to host malicious code that exploited a ‘zero-day’ (previously unknown) Java hole to inject malware onto computers.
After the hacking incident, several reports pointed to the hackers’ goal being company secrets like upcoming products or perhaps even code used in apps that would allow them to inject their chosen malware into more devices.
“What we’ve learned is that it appears a single administrator account was compromised,” says Sefferman.
Earlier today, in what appears to be an unrelated incident, Microsoft Azure components went down worldwide, affecting many services including Xbox Live. The cause of that appears to be an expired security certificate.