At least 760 organizations appear to have fallen victim to the same attacks that compromised RSA's SecurID authentication system earlier this year.
The names appear on a list of targeted machines that had phoned home to the same command-and-control (C&C) servers used in the March attacks on RSA.The list was shared by information professionals to Congress and subsequently published by blog "Krebs on Security."
It includes names such as eBay, Motorola, IBM, McAfee and VMware. A number of telecommunication firms also appeared on the list but likely because their subscribers were compromised.
Three hundred of the 339 C&C servers identified in the attacks were located in China, according to the analysis.
RSA leaders have openly discussed some details on the attack, but President Art Coviello, speaking at RSA Conference Europe earlier this month, said the company lacked the evidence to determine the culprit of the breach. He maintained that the compromised SecurID token system did not result in customer data loss.
“There has been no successful attacks with the information and only one incident where the information taken was used in an attack,” Coviello said, presumably referring to the breach of systems at defense contractor Lockheed Martin.
