Microsoft Latest To Suffer Java Hack Attack

Microsoft has admitted it was hit by an attack on a Java flaw which was also used to hit Facebook and Apple, indicating the hack may have been carried out by the same attackers.

“As reported by Facebook and Apple, Microsoft can confirm that we also recently experienced a similar security intrusion,” said Matt Thomlinson, general manager of Microsoft’s Trustworthy Computing Security, in a blog post on Friday.

Customer data ‘not affected’

Microsoft said it found a “small number of computers”, including some in its Mac business unit, that were infected by malicious software using techniques similar to those disclosed by Facebook and Apple.

“Consistent with our security response practices, we chose not to make a statement during the initial information gathering process,” Thomlinson wrote. “We have no evidence of customer data being affected and our investigation is ongoing.”

The attacks on Facebook and Apple both targeted software developers via a website for iOS development, which was compromised and made to serve a Java exploit. Microsoft’s comments suggest its employees may have been hacked via the same website.

Chinese link?

In reporting its hack Facebook said it had tracked the attackers back to systems in China.

Last week, security company Mandiant released a report suggesting a group associated with, or possibly part of, China’s People’s Liberation Army (PLA) was responsible for hitting a large number of English-speaking businesses, many based in the US. China has denied those claims.

Hacks on various media firms, including the New York Times and the Washington Post, have also been attributed to China, which it has also denied. Earlier this month Twitter said it was hit by an attack similar to those which hit the media outlets, resulting in the theft of about 250,000 user passwords.

Other reports suggested that the recent round of attacks on English-language media companies, which hit more than 40 companies, were carried out by an Eastern European hacker group.

Many of the recent attacks, including those on Apple and Facebook, were carried out via a previously unknown security flaw in Java, according to the companies involved. Facebook said it had notified Oracle of the flaw, which Facebook indicated was patched in a 1 February Java update.

How well do you know Apple? Take our quiz.

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

View Comments

  • This really should be taken more seriously. Oracle has destroyed Java’s reputation, and it is barely even needed for anything anymore! To avoid the risk, pretty much everyone should disable it in their browser. Here is how if anyone needs a hand http://disablejava.com

Recent Posts

Google Warns Of Italian Spyware On Apple, Android Phones

Italian company's hacking tools have been used to spy on Apple, Android smartphones in Italy…

2 days ago

Intel Signals Delay To Ohio Factory Over US Chips Act Dispute

Chip maker warns new factory in Columbus, Ohio could be delayed or scaled back, over…

2 days ago

Silicon UK In Focus Podcast: Sustainable Business

How do sustainable businesses use technology to innovate? And as businesses want to connect sustainability…

2 days ago

Australia Fines Samsung Over Water-Resistance Claims

Samsung rapped over the knuckles by Australian regulator because of 'misleading' Galaxy smartphone water-resistance claims…

3 days ago

Amazon Reveals Alexa Option To Mimic Any Person’s Voice

Bereavement aid for those in mourning? Amazon's Alexa voice assistant could be programmed to sound…

3 days ago