Security firm F-Secure has finally exposed the back-door file that let hackers break into security vendor RSA.
The data stolen from RSA was later used to break into defence firms Lockheed-Martin and Northrop-Grumman.
Security researchers at F-Secure discovered that the hackers used a phishing email purporting to come from a recruitment site called Beyond.com.
The phishing email contained a malicious Excel file that dropped the Poison Ivy back door, which gave the hackers access to RSA systems.
F-Secure’s chief research officer Mikko Hypponen said that once the email was opened by an employee of EMC (which owns RSA), the attacker would have gained complete remote access to the infected workstation and any attached network drives, which led to sensitive SecurID data.
Speaking about the phishing email, Mikko said, “We knew that the attack was launched with a targeted email to EMC employees, and that the email contained an attachment called 2011 Recruitment plan.xls.”
Security experts are of the view that the hackers’ main aim was to access the Lockheed-Martin and Northrop-Grumman systems, which were protected by RSA’s SecurID tokens.
