Why Would APT Exploit Adobe?

After reading this statement from Adobe, they seem to be using the same language that described the Google v China incident:

Adobe became aware on January 2, 2010 of a computer security incident involving a sophisticated, coordinated attack against corporate network systems managed by Adobe and other companies. We are currently in contact with other companies and are investigating the incident.

Let's assume, due to language and news timing, that it's also APT. Would would APT exploit Adobe? Am I giving Adobe too much credit if I hypothesize that APT wanted to know more about Adobe's product security plans, in order to continue exploiting Adobe's products?

If that is the case, who else might APT infiltrate? Should we start looking for similar announcements from other software vendors?

Comments

Tyler said…
I don't think you're giving Adobe too much credit. In fact, I think you're hitting it right on the head. In fact, I wouldn't be surprised if we heard from Microsoft, Cisco and Yahoo (email repository) and other similar companies.
Anonymous said…
Brian Kerbs confirmed Adobe incident is a coincident-- according to Adobe PR, of course.
Anonymous said…
Google reveals more info:
http://googleblog.blogspot.com/2010/01/new-approach-to-china.html

via:
http://isc.sans.org/diary.html?storyid=7969
Kyrka said…
Given that Intellectual Property is one of the targets, and Adobe is deeply entrenched in legal firms all over the world... Adobe makes a perfect attack vector to what they're after.
Anonymous said…
You are correct... once they have the source code they can queue up numerous zero day exploits until they are needed.

Popular posts from this blog

Zeek in Action Videos

New Book! The Best of TaoSecurity Blog, Volume 4

MITRE ATT&CK Tactics Are Not Tactics