Cyberspies assault Facebook employees

Goal apparently was to reach the company’s production environment. Attackers gained “some limited visibility” into production systems, but there is no evidence that data was exfiltrated. Some of the engineers’ corporate data, email and some software code was harvested from the laptops themselves. “Rather than using typical targeted approaches like ‘spear phishing’ with e-mails to individuals, the attackers used a ‘watering hole’ attack—compromising the server of a popular mobile developer Web forum and using it to spring” malware from there onto site visitors. No evidence that Facebook user data was compromised. https://www.facebook.com/notes/facebook-security/protecting-people-on-facebook/10151249208250766