Jordan Robertson and Michael Riley report:
Hackers burrowed into the databanks of JPMorgan Chase & Co. (JPM) and deftly dodged one of the world’s largest arrays of sophisticated detection systems for months.
The attack, an outline of which was provided by two people familiar with the firm’s investigation, started in June at the digital equivalent of JPMorgan’s front door, exploiting an overlooked flaw in one of the bank’s websites. From there, it quickly developed into any security team’s worst nightmare.
Read more on Bloomberg.
What I want to know is whether our government already knew about the 0-day exploit. There’s been a lot of discussion about whether the government is keeping 0-days close to their chest for their own use. Did that happen here, to the detriment of JPMorgan and its customers?