An Eastern European gang of hackers bent on stealing company secrets was responsible for recent attacks on Apple, Facebook and Twitter as well as dozens of other less-publicized hacks, according to new reports.
Two unnamed "people familiar with the matter" told Bloomberg that the hackers appeared to be looking for research, intellectual property or other private information that they can sell on the underground market.
Apple confirmed Tuesday that some of its employees' computers had been compromised after they visited a hacked website for iPhone developers. That site exploited a vulnerability in the Java browser plug-in.
Weeks earlier, Facebook said that some of its computers were also compromised after employees visited a developer site.
Both Facebook and Apple said no user data were accessed in the attacks.
Earlier in January, Twitter said it, too, was attacked and that about 250,000 user accounts may have been compromised, with names and e-mails possibly being uncovered.
As news of the intrusions spread, suspicions turned toward hackers in China. The nation's government denies it supports hacking.
But experts said it wouldn't be surprising if the attacks originated in Eastern Europe instead.
"We've all been watching China, but they're not the most advanced cybercriminals," said Tom Kellermann, the former commissioner of President Barack Obama's cybersecurity council and head of security at Trend Micro. "The most advanced are from the Eastern Bloc and Russia."
Kellermann said that a "giant arms bazaar" has developed in Eastern Europe by which criminals sell cybertools to others. That way, he said, organized crime elements and even terror groups end up with the same kind of advanced tools some governments possess.
"That's what I'm most worried about," Kellermann said. "I wish this stuff were just nation-state on nation-state, so then we could crank up our diplomacy. But regimes don't have a monopoly on Big Brother, and they don't have a monopoly on cyber capabilities."
The recent hacks appear to have used what cybersecurity experts call a "water hole" attack. Like a lion waiting for those speedy gazelles to slow down and have a drink, criminals hack and load viruses onto sites they suspect attractive targets will visit, then wait.
They don't know exactly who their victims will be. But once the victims are infected, the hackers can follow them back to their own businesses' networks to snoop around.
One site used in the attacks appears to be called iPhone Dev SDK, a forum for developers who work with Apple's mobile operating system.
"iPhoneDevSDK has learned it was used as part of an attack whose victims included large Internet companies," read a message at the top of the site's home page Wednesday. "We have no reason to believe user data (were) compromised, but to be safe, we've reset all user passwords."
Security holes in Oracle's Java programming language have been responsible for a number of the recent attacks. The Department of Homeland Security released a warning about the software in January.
Apple pointed out in its statement that Macs running the most recent operating system, OS X Lion, have not come with Java pre-installed and that the computers automatically disable the plug-in after 35 days of inactivity.