Hackers in Europe and China successfully broke into computers at nearly 2,500 companies and government agencies over the last 18 months in a coordinated global attack that exposed vast amounts of personal and corporate secrets to theft, according to a computer-security company that discovered the breach.
The damage from the latest cyberattack is still being assessed, and affected companies are still being notified. But data compiled by NetWitness, the closely held firm that discovered the breaches, showed that hackers gained access to a wide array of data at 2,411 companies, from credit-card transactions to intellectual property.
The hacking operation, the latest of several major hacks that have raised alarms for companies and government officials, is still running and it isn't clear to what extent it has been contained, NetWitness said. Also unclear is the full amount of data stolen and how it was used. Two companies that were infiltrated, pharmaceutical giant Merck & Co. and Cardinal Health Inc., said they had isolated and contained the problem.
Starting in late 2008, hackers operating a command center in Germany got into corporate networks by enticing employees to click on contaminated Web sites, e-mail attachments or ads purporting to clean up viruses, NetWitness found.
In more than 100 cases, the hackers gained access to corporate servers that store large quantities of business data, such as company files, databases and e-mail.
They also broke into computers at 10 U.S. government agencies. In one case, they obtained the user name and password of a soldier's military e-mail account, NetWitness found. A Pentagon spokesman said the military didn't comment on specific threats or intrusions.