Other Targets In Google Cyber Attack Surface
The U.S. has formally asked Chinese officials for an explanation; China says it welcomes companies that obey the law.
The names of other companies targeted in the cyber attack disclosed by Google earlier this week have started to emerge.
Google reportedly asked the other 33 companies targeted in the attack to come forward.
More Security Insights
- How Attackers Identify and Exploit Software and Network Vulnerabilities
- Cloud Security: It’s Not Just for IT Anymore
- The Business Value of Hybrid Cloud -Based Compromise Intelligence Monitoring and Threat Mitigation
- Learn How Neustar Technology Can Block DDoS Attacks
A Google spokesperson said that while the company provided technical information, that was the extent of its communication to other affected organizations.
Adobe was the first company after Google to acknowledge that it had been targeted. It said on Tuesday that it had learned about "a sophisticated, coordinated attack against corporate network systems managed by Adobe and other companies" at the beginning of the month.
According to an Adobe spokesperson, Adobe decided to come forward on its own.
Web hosting provider Rackspace followed suit in a blog post.
Symantec and Juniper Networks have acknowledged being targeted.
Dow Chemical and Northrop Grumman were also among the targets, according to The Washington Post. Other reports say Yahoo was attacked as well.
A spokesperson for Northrop Gruman declined to comment. Dow Chemical and Yahoo did not respond to requests for comment.
Microsoft on Thursday acknowledged that the cyber attack leveraged an Internet Explorer vulnerability and issued a security advisory. It condemned the attacks and noted that its network and online properties appear not to have been affected.
"At this time, we have no indication that Microsoft's corporate network or our mail properties were attacked as part of these attacks," said Mike Reavey, director of Microsoft Security Response, in an online post on Thursday.
A report in the English-language China Daily noted that Microsoft and HP failed to back Google's move. It includes a quote from Microsoft CEO Steve Ballmer, referring to the incident as "the Google problem."
Following Microsoft's announcement, Verisign iDefense on Friday retracted its claim that the likely attack vector was "malicious PDF file attachments delivered via e-mail."
The U.S. government has formally asked Chinese diplomatic officials for an explanation of the incident.
"We have had a discussion today here in Washington with officials from the Embassy, where we raised the issue," said State Department spokesman P.J. Crowley at Thursday's press briefing. "And as the Secretary said, it is a serious issue. The incident raises questions about both Internet freedom and the security of the Internet in China. And we've asked them for an explanation."
China's Foreign Ministry Spokesperson Jiang Yu in a briefing on Thursday said that "China's Internet is open," and that "China welcomes international Internet corporations to do business in China in line with law."
Asked about reports that U.S. Secretary of State Hillary Clinton said she would seek an explanation, Jiang responded, "if the US contacts us, we will reiterate our position on this issue."
Update: Added Google response.
Attend our virtual event on modernizing IT governance, risk, and compliance to accelerate flexibility and visibility. Find out more (registration required).