Breach, Data Security, Incident Response, Malware, TDR

Report: Zero-day attack used in 2010 NASDAQ breach

According to Bloomberg, hackers leveraged two zero-day vulnerabilities in their efforts to breach NASDAQ's servers in 2010. After months of digging into the attack, and talking to more than a dozen people familiar in varying degrees with officials' investigations, Bloomberg revealed its findings on Thursday.

While investigators initially believed that advanced spyware had been planted on the exchange's computers, to steal and even wipe sensitive data in the exchange, by mid-2011, some eventually concluded that Russian saboteurs “weren't trying to sabotage NASDAQ,” but instead “clone” its technology.

“They wanted to clone it, either to incorporate its technology directly into their exchange or as a model to learn from,” said Bloomberg, noting one unnamed investigator's claim that it was the “most convincing conclusion.”

NASDAQ confirmed the attack in February 2011, but claimed that its trading systems weren't affected.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.