Last month, a malware-infected site appeared to be the root cause of some high-profile hacking: Facebook, Microsoft, Twitter, and Apple were all compromised in the attack. Now, The Security Ledger has learned that the one infected site was not the only cause of these attacks — at least two other mobile application development sites were also attacked, and an undisclosed number of other, non-dev focused sites were part of the attack as well. The victims of the attacks also reportedly went well beyond just the technology segment — auto manufacturers, US government agencies, and a high-profile candy maker were also hit in the attack. At first, the attack was looked at as a fairly targeted affair, but this new information makes it seem more like a widespread operation that was meant to hit as many companies as possible. "The breadth of types of services and entities targeted does not reflect a targeted attack on a single tech or industry sector," said Joe Sullivan, head of security at Facebook.
Shortly after the attack, Facebook indicated that it was working with federal law enforcement, and it appears that investigation is still ongoing. The FBI declined to comment on The Security Ledger's report; with ever new bit of news on the hack indicating that this attack was bigger than it first appeared, we'd expect the FBI to continue investigating before releasing any details to the public. While it was believed that the hack originated from China, the point of origin is still not clear — due to the size of the attack, some now believe it was the result of a criminal organization rather than a nation-sponsored attack. While new details have come to light, a lot of questions still remain about the seemingly-sophisticated assault.