Attacks on Adobe also came from China

Adobe has confirmed to the press the suspected link between the attacks it has been suffering and the attacks on Google's technological infrastructure that Google also recently reported.

The company admitted to PC Pro that «an investigation is continuing, but that its incident and the one announced by Google are related». The statement follows an explanation the company had posted on its blog, in which some similarities between the type of attack it suffered and the one that hit Google were already apparent.

In the note, Adobe admitted to being the victim «of a security incident that involved a sophisticated and coordinated attack against the network systems managed by Adobe and other companies», as it had, moreover, indicated when it released its quarterly package of fixes on Tuesday.

It should be remembered that when, also this week, Google announced a new stance on the Chinese market and denounced a series of attacks it says it has suffered in recent times, the company also stated that the attacks targeted not only its own technological infrastructure, which would have resulted in the theft of intellectual property, but also at least two dozen other companies from various sectors of activity.

It is not yet clear how the attackers managed to compromise the infrastructure of Google, Adobe and other companies, but some experts argue that it may have been through malicious PDFs that exploited vulnerabilities in Adobe Reader.

The technique is the same one used in Ghost Net, a network that several indicators suggest is hosted exclusively in China and that, until March of last year, was reportedly used to spy on computers in 103 countries.

The network was exposed at that time by the University of Toronto’s Munk Center for International Studies, after a ten-month investigation that began when the Dalai Lama’s office suspected espionage on its systems.

What the researchers eventually found was that, unlike other botnets, Ghost Net does not operate for financial gain, but is set up to intercept communications and send them to the network. The targets are ministries of foreign affairs, political bodies and, should the new suspicions be confirmed, large Western companies.

Among the foreign affairs offices targeted by Ghost Net, as revealed by researchers at the time of the discovery, was that of Portugal, along with those of other countries such as Iran, South Korea, Pakistan and Germany.

In all of them, the intrusion method reportedly involved the gh0st RAT trojan, hidden in e-mail messages. Once the message was opened, the trojan allowed full access to the system.

The report was nevertheless cautious about assigning responsibility to Chinese intelligence services, although it was clear about the origin of the network. In any case, it classified Ghost Net as the world’s largest cyber-espionage network.