Data points to China as source of March RSA breach, wider attacks

When RSA executive chairman Art Coviello told attendees of the company’s conference in London two weeks ago that the March cyberattack on his company “could only have been perpetrated by a nation-state,” he refused to elaborate on which country that might be. But data shared with Congress by security experts suggests strongly that the nation-state in question was China and that the infrastructure used in the attacks had been active long before RSA was breached.

Hackers used a zero-day Flash exploit, embedded in a spreadsheet sent through a “spear-phishing” attack, to gain access to RSA’s network and compromise information on RSA’s SecurID authentication tokens. But as security blogger Brian Krebs reports, over 700 organizations’ networks were found to be transmitting data back to the command-and-control networks used to coordinate the attack–including a number of ISPs, financial and technology firms, and government agencies. Research
In Motion, Cisco, Google, Northrop-Grumman, Cha