IE 10 zero-day attack targets US military

Summary: Security firm FireEye has identified an attack using the Veterans of Foreign Wars website which they believe targets US military personnel.

FireEye, a security research firm, has identified a targeted and sophisticated attack which they believe to be aimed at US military personnel. FireEye calls this specific attack Operation SnowMan.

The attack was staged from the web site of the U.S. Veterans of Foreign Wars, which the attackers had compromised. Pages from the site were modified to include code (in an IFRAME) which exploited an unpatched vulnerability in Internet Explorer 10 on systems which also have Adobe Flash Player.

The actual vulnerability is in Internet Explorer 10, but it relies on a malicious Flash object and a callback from that Flash object to the vulnerability trigger in JavaScript. FireEye says they are in touch with Microsoft about the vulnerability.

The attack checks to make sure it is running on IE10 and that the user is not running the Microsoft Enhanced Mitigation Experience Toolkit (EMET), a tool which can help to harden applications against attack. So running another version of IE, including IE11, or installing EMET would protect against this attack.

The attack was first identified on February 11. FireEye believes that it was placed on the VFW site in order to be found by US military personnel, and that the attack was timed to coincide with a long holiday weekend and the major snowstorm which struck the eastern United States this week, including the Washington DC region.

FireEye also presents evidence that the attack comes from the same group of attackers they have identified in previous sophisticated, high-value attacks, specifically Operation DeputyDog and Operation Ephemeral Hydra. They reach this conclusion by analyzing the techniques used. They say that this group has, in the past, attacked U.S. government entities, Japanese firms, defense industrial base (DIB) companies, law firms, information technology (IT) companies, mining companies and non-governmental organizations (NGOs).

Talkback

1 comment
  • Since this affects Windows 7

    One can follow the mitigation recommendation.

    Mitigation
    The exploit targets IE 10 with Adobe Flash. It aborts exploitation if the user is browsing with a different version of IE or has installed Microsoft’s Experience Mitigation Toolkit (EMET). So installing EMET or updating to IE 11 prevents this exploit from functioning.
    RickLively