Global financial services firm Morgan Stanley seems also to have been a victim of the hackers behind the Aurora attacks which came to light a year ago when Google decided to go public with the information that their networks have been breached.
Almost immediately, the investigation into the matter uncovered that many other companies have been targeted as well – not only IT companies but others doing business in a variety of sectors such as finance, media, technology, etc.
Speculation about which companies have been targeted abounded, but this is the first time that Morgan Stanley was specifically mentioned, and that particular piece of information was found among the company e-mails stolen from security firm HBGary and published online by Anonymous.
“They were hit hard by the real Aurora attacks (not the crap in the news),” wrote HBGary senior security engineer Phil Wallisch after having read an internal company report detailing the attacks.
But, he didn’t give out any other details about the attack in his e-mails to HBGary President Penny Leavy-Hoglund, since they asked him not to share the information contained within the report with anyone. In fact, HBGary was called in to investigate another network breach by hackers who had nothing to do with the Aurora attacks, and it is likely that the firm believed the report could shed some light on the subsequent attacks.
According to Bloomberg, these other hackers managed to introduce malicious software into Morgan Stanley’s systems which was aimed at stealing confidential internal documents, and HBGary was hired to up the firm’s defenses and plug existing holes.
Morgan Stanley didn’t comment on the revelations, except for saying that malware and attempted computer compromises are something the firm deals as a normal part of conducting business and that it works with law enforcement where appropriate. HBGary is also refraining on commenting on anything regarding the stolen e-mails.