Apple, Facebook hackers hit car and candy companies too

After dozens of tech companies revealed they were cyberattacked last month, other businesses in different industries are saying they were also victims.

Dara Kerr Former senior reporter
Dara Kerr was a senior reporter for CNET covering the on-demand economy and tech culture. She grew up in Colorado, went to school in New York City and can never remember how to pronounce gif.
Dara Kerr
2 min read

More details have been revealed about the massive cyberattack that hit several tech companies last month. Not only were Apple, Facebook, Microsoft, and Twitter hit -- but other industries' computer systems were also hacked, including prominent car manufacturers, U.S. government agencies, and a candy company.

According to The Security Ledger, people familiar with the matter said that hackers infiltrated computer networks by using at least three third-party "watering hole" Web sites, which made it possible for hackers to put malware on those companies' computers.

"The breadth of types of services and entities targeted does not reflect a targeted attack on a single tech or industry sector," Facebook's chief of security, Joe Sullivan, told The Security Ledger.

Roughly 40 known companies have been victims of cyberattacks during the past several months. At least some of these hacks are thought to have originated in Eastern Europe while others are suspected to have come from China.

It's still unclear if all of the companies were targeted by one group of hackers or if they were isolated incidents. It's also not yet known which car manufacturers, U.S. government agencies, and candy company were attacked, according to The Security Ledger.

Many of the companies attacked said they believed the hackers made use of a vulnerability in a Java plug-in and that it was sourced from a site for software developers called iPhonedevsdk. According to The Security Ledger, hackers also used at least two mobile app development sites -- getting into their systems with the same Java plug-in vulnerability. By going through these third-party sites, hackers were able to go after people who visited the sites.

Despite the hackers infiltrating so many computer systems, not every person who visited these third-party sites was a victim of the attacks. According to The Security Ledger, the hackers targeted specific individuals and companies.

"We're still investigating why only certain users were affected, whether there was a pattern, and how many may have been targeted," iPhonedevsdk owner Ian Sefferman told The Security Ledger.