RSA executive chairman Art Coviello said on Tuesday, that there were two groups of hackers working for a nation-state, who were behind a cyberattack on RSA that stole information on its SecurID tokens. "We know there were two groups because of the methodology in the attack," Coviello said, "We have not attributed the attack to a particular nation state, although we are very confident, with the skill and the degree and the resource behind the attack, that it could only have been perpetrated by a nation state."
RSA disclosed the cyberattack in March. As part of the attack, hackers stealthily removed information related to SecurID, which is used by thousands of large organizations to authenticate staff. In June, the company said it would replace SecurID tokens for virtually all its customers, after stolen data was found to have been used in a failed attack on Lockheed Martin.
Coviello told press at the RSA Conference in London that the attack on RSA aimed to grab information that could be used for cyber-espionage, by stealing data largely from defence contractors. The hackers left enough traces for an investigation, but RSA does not have the forensic evidence to track the exfiltrated information back to a particular nation state, he added.
For more on this story, read RSA: Nation state double-teamed on SecurID attack on ZDNet UK.