Google Hackers Targeted Source Code of More Than 30 Companies

By Kim Zetter
Threat Level
Wired.com
January 13, 2010

A hack attack that targeted Google in December also hit 33 other companies, including financial institutions and defense contractors, and was aimed at stealing source code from the companies, say security researchers at iDefense.

The hackers used a zero-day vulnerability in Adobe Reader to deliver malware to many of the companies and were in some cases successful at siphoning the source code they sought, according to a statement distributed Tuesday by iDefense, a division of VeriSign. The attack was similar to one that targeted other companies last July, the company said.

A spokeswoman for iDefense wouldn't name any of the other companies that were targeted in the recent attack, except Adobe.

Adobe acknowledged Tuesday in a blog post that it discovered Jan. 2 that it had been the target of a "sophisticated, coordinated attack against corporate network systems managed by Adobe and other companies."

The company didn.t say whether it was a victim of the same attack that struck Google. But Adobe.s announcement came just minutes after Google revealed that it had been the target of a "highly sophisticated" hack attack originating in China in December.

Neither Google nor Adobe provided details about how the hacks occurred.
Google said only that the hackers were able to steal unspecified intellectual property from it, and that they had focused their attack on obtaining access to the Gmail accounts of human rights activists who were involved in China rights issues.

But according to iDefense, whose customers include some of the 33 companies that were hacked, the attacks were well targeted and "unusually sophisticated" and aimed at grabbing source code from several hi-tech companies based in Silicon Valley as well as financial institutions and defense contractors.