More details have been revealed about the massive cyberattack that hit several tech companies last month. Not only were, , , and hit -- but other industries' computer systems were also hacked, including prominent car manufacturers, U.S. government agencies, and a candy company.
According to The Security Ledger, people familiar with the matter said that hackers infiltrated computer networks by using at least three third-party "watering hole" Web sites, which made it possible for hackers to put malware on those companies' computers.
"The breadth of types of services and entities targeted does not reflect a targeted attack on a single tech or industry sector," Facebook's chief of security, Joe Sullivan, told The Security Ledger.
Roughly 40 known companies have been. At least some of these hacks are thought to have while others are suspected to have .
It's still unclear if all of the companies were targeted by one group of hackers or if they were isolated incidents. It's also not yet known which car manufacturers, U.S. government agencies, and candy company were attacked, according to The Security Ledger.Many of the companies attacked said they believed the hackers made use of a vulnerability in a Java plug-in and that it was called iPhonedevsdk. According to The Security Ledger, hackers also used at least two mobile app development sites -- getting into their systems with the same Java plug-in vulnerability. By going through these third-party sites, hackers were able to go after people who visited the sites.
Despite the hackers infiltrating so many computer systems, not every person who visited these third-party sites was a victim of the attacks. According to The Security Ledger, the hackers targeted specific individuals and companies.
"We're still investigating why only certain users were affected, whether there was a pattern, and how many may have been targeted," iPhonedevsdk owner Ian Sefferman told The Security Ledger.