The attack is part of the same series of invasions that also led to recently disclosed breaches at Facebook and Twitter, according to investigators working with the companies. The hackers appear to be seeking company secrets, research and intellectual property they can sell underground. Although such attacks have previously been associated with China, sophisticated criminals in other countries have now successfully hacked corporate networks.
Facebook said last week that it was subjected to a "sophisticated attack" by hackers who took advantage of weaknesses in a mobile-developer website. Apple said its computers were infected in a similar manner, although it didn't name Facebook or any other affected companies.
Twitter, the microblogging site with more than 200 million active users, said this month that it detected unauthorized attempts to hack into its systems and that attackers may have obtained access to information for about 250,000 people. It said the perpetrators were "extremely sophisticated."
Information from the social media sites could be used to target employees of other companies, the investigators said.
Devices at the companies were first infected when users visited the iPhone developers site iphonedevsdk.com, which the hackers had infiltrated and used to implant malware via a security flaw in the victims' browsers. RSA Security Inc. has dubbed the tactic a waterhole attack, because victims were attracted to the source of the infection like animals attracted to a waterhole on the savanna.
In this case, the website was probably visited by software developers and other employees of technology companies, which would present attractive targets to hackers, according to Anup Ghosh, founder of the security firm Invincea Inc. The hackers, who don't know ahead of time exactly who will be infected, then use those initial infections to burrow deeper into networks of companies that might have valuable data, Ghosh said.
Investigators suspect that the hackers are a criminal group based in Russia or Eastern Europe, and have tracked at least one server being used by the group to a hosting company in the Ukraine. Other evidence, including the malware used in the attack, also suggests it is the work of cyber criminals rather than state-sponsored espionage from China.