Australian organisations hit by RSA SecurID attackers

Customers of Telstra, AAPT, Micron 21, Pacific Internet, Verizon Australia, Macquarie Telecom, iiNet and TPG were amongst hundreds of organisations hit by the hackers that breached EMC’s security division RSA.

Over 760 organisations were communicating with the same command and control servers used in the attack on RSA.

The list, compiled by security blogger Brian Krebbs, includes many of the largest organisations in the US, but also a broad list of internet service providers from around the world, including Australia.

This did not mean that the ISPs themselves were compromised, but could indicate that one or some of their customers were.

The report does not detail the source of the information, which also included a run down of where the command and control infrastructure was located. The majority of servers were located in and around Beijing, according to the report.

RSA boss Art Coviello earlier this month said the two pronged attack which it disclosed hazy details about in March this year could have only been pulled off by a nation state.

“This was one of the first times that there were actually a combined attack from two sources that came through the same opening, so it was a compound attack that made even that much more difficult to discover,” Coviello said at a cyber security hearing in the US.

Despite speculation that China was behind the attack, he stopped short of naming the nation.

The list of victims alongside RSA included Microsoft, IBM, Research in Motion, Cisco, Google, Intel, Novel as well as several large military and industrial contractors.

It was not known for how long the intrusions persisted or whether any information had been stolen, Krebbs pointed out.

Follow @CSO_Australia and sign up to the CSO Australia newsletter.