Like many other well-known organizations, we face cyber attacks of varying degrees on a regular basis. In mid-December, we detec

admin2016-10-27  52

问题 Like many other well-known organizations, we face cyber attacks of varying degrees on a regular basis. In mid-December, we detected a highly sophisticated and targeted attack on our corporate infrastructure originating from China that resulted in the theft of intellectual property from Google. However, it soon became clear that what at first appeared to be solely a security incident—albeit a significant one—was something quite different.
First, this attack was not just on Google. As part of our investigation we have discovered that at least twenty other large companies from a wide range of businesses—including the Internet, finance, technology, media and chemical sectors—have been similarly targeted. We are currently in the process of notifying those companies, and we are also working with the relevant U. S. authorities.
Second, we have evidence to suggest that a primary goal of the attackers was accessing the Gmail accounts of social activists. Based on our investigation to date we believe their attack did not achieve that objective. Only two Gmail accounts appear to have been accessed, and that activity was limited to account information(such as the date the account was created)and subject line, rather than the content of emails themselves.
Third, as part of this investigation but independent of the attack on Google, we have discovered that the accounts of dozens of U. S. and Europe-based Gmail users who are advocates of human rights appear to have been routinely accessed by third parties. These accounts have not been accessed through any security breach at Google, but most likely via phishing scams or malware placed on the users computers.

选项

答案 与其他许多知名组织一样,谷歌也会经常面临不同程度的网络袭击。去年12月中旬,我们侦测到了一次来自中国的精心策划的针对公司基础架构的攻击,并造成谷歌公司的知识产权被窃。不过,事态很快变得明了,此次起初看似独立的安全事件——尽管很严重——与以往单独的网络安全事件完全不同。 首先,该次网络攻击并非单独针对谷歌。据我们调查,至少20家各行各业的大型公司都遭遇了类似的攻击,这些公司遍布互联网,金融,科技,媒体和化学工业。目前,我们正在向这些公司通报情况,并与美国相关政府部门合作处理这起事件。 其次,有证据显示,此次攻击的首要目标是窃取中国人权活动人士的Gmail账户内容。根据迄今为止的调查结果,我们相信这些攻击并没有达到预期目标。只有两个Gmail账户被非法进入,但仅获得了账户信息(比如账户何时创建)以及邮件标题栏,具体邮件内容并未泄露。 第三,作为调查的一部分,但与本次针对谷歌的攻击无关,我们发现数十个注册地在美国和欧洲的人权活动人士的Gmail邮箱账户似乎经常受到第三方侵入。入侵者并非是通过谷歌的安全漏洞进行攻击,而极有可能是通过在用户的电脑内植入钓鱼网页或是恶意软件来达到目的。

解析
转载请注明原文地址:https://kaotiyun.com/show/3Jya777K
0

最新回复(0)