Large-scale attacks aimed at Google etc., the purpose is the source code of each company

Google said recently that there was a highly sophisticated large-scale cyber attack against censorship by the Chinese government and human rights activist's Gmail account,We have revealed that there is a possibility of withdrawing from China in the coming weeksBut the survey revealed what the other purpose of this attack seems to be.

Apparently not only the information on human rights activists but also the design drawing of software which can be said to be the backbone of IT products owned by each companySource codeIt seems there is a possibility that it was aimed at.

Details are as below.
Google Hackers Targeted Source Code of More Than 30 Companies | Threat Level | Wired.com

Researchers identify command servers behind Google attack

According to these articles, researchers of iDefense Inc. under the umbrella of VeriSign (VeriSign), a company engaged in Internet infrastructure and security, unveiled the purpose of the systematic attack against Google and others in December 2009 I heard he did.

The attack method uses the vulnerability of Adobe Reader "Trojan.HydraqAttaching a PDF file with the virus embedded in the mail, sending it to the target company, when the employee who received the mail opens the PDF file, the virus invades the computer. The virus sends the source code which is the design drawing of the product from the personal computer or internal network to the large scale server which the criminal group had installed for receiving information. It seems that they finally succeeded in stealing the source code from several companies.

By the way, Google said it was more than 20 companies targeted, but iDefense's survey is said to be 33 companies. Similar attacks were made to 100 companies in Silicon Valley in July 2009, but the viruses used are different, but since the servers specified to receive the information are the same, The criminal group at this time is considered to have caused this incident.

As for this matter, AdobeDenial of vulnerability of own product used for attackAnd McAfee, a leading security product makerAnnouncement of survey result that Internet Explorer vulnerability was useddoing.

If the purpose of this large cyber attack really is source code, I announced that the Chinese government will launch in April last year,A system that forces manufacturers to disclose source code for foreign-made IT products produced / sold in their own countryI have no choice but to remember, in conjunction with the attacks of the human rights activist 's Gmail account in China, it is a matter of whom who is the executor of the attack.