Microsoft was the victim of a watering hole attack.

“During our investigation, we found a small number of computers, including some in our Mac business unit, that were infected by malicious software using techniques similar to those documented by other organizations,” said Matt Thomlinson, General Manager of Microsoft’s Trustworthy Computing Security. He also said so far there is not evidence of customer data suffering issues.

Developer Site Zero Day Attack Source
Hiding Code into JavaScript
Adobe Mitigation Plan for Zero Day
Trojan a Work of ‘Poetry’

A watering hole attack is when an attacker plants malware at sites he thinks his target of interest will most visit.

“This type of cyberattack is no surprise to Microsoft and other companies that must grapple with determined and persistent adversaries. We continually re-evaluate our security posture and deploy additional people, processes, and technologies as necessary to help prevent future unauthorized access to our networks,” he said.

Schneider Bold

He shared no more details about the breach.

Last week, Twitter, Facebook and Apple acknowledged they suffered watering hole attacks.

The watering hole in question was the iPhoneDevSDK forum site, popular with mobile developers, and the attacker have managed to infect the visitors’ computer by serving exploits for (at the time unpatched) Java vulnerabilities.

It remains unknown whether the attack focused on these high-profile targets.

Pin It on Pinterest

Share This