Attackers used social networks to research friends of employees with access to data and then posed as those friends, sending workers links to malware in instant messages, according to the Financial Times.
People behind the China-based online attacks on Google and other companies looked up key employees on social networks and contacted them pretending to be their friends to get the workers to click on links leading to malware, according to a report published on Monday.
"The most significant discovery is that the attackers had selected employees at the companies with access to proprietary data, then learnt who their friends were," the Financial Times reported. "The hackers compromised the social network accounts of those friends, hoping to enhance the probability that their final targets would click on the links they sent."
"We're seeing a lot more up-front reconnaissance, understanding who the players are at the company and how to reach them," George Kurtz, chief technology officer at security firm McAfee, told the Financial Times. "Someone went to the trouble to backtrack: 'Let me look at their friends, who I can target as a secondary person.'"
The attackers used a popular instant-messaging program to distribute the malware link to target employees, Kurtz said. The malware exploited a hole in Internet Explorer that Microsoft patched just last week.
Google also is looking into whether insiders in its China office played any role in the attacks, which have prompted the search giant to say it will stop censoring its results in China and may stop doing business there.
Two weeks ago, Google disclosed attacks on its network in mid-December that led to the theft of intellectual property, as well as attacks targeting Gmail users who are human rights activists. More than 30 companies are believed to have been targeted, including Adobe.
Asked to comment, a Google spokesperson said: "As we've said, we are not going to comment on the specifics of the attack in more detail than we have already done because our investigation is ongoing. We also can't comment on what McAfee may have observed from other affected companies."
"While we continue to investigate this targeted and sophisticated attack, to date we have seen no indication of any insider involvement," the spokesperson said.
Kurtz and other McAfee executives could not be reached for comment Monday night.
Updated 8:26 p.m. PST with Google comment.