Internet Explorer 8 Zero-Day Attack Expands to Nine Additional Websites

May 08, 2013

A recent zero-day attack targeting Internet Explorer 8 on the U.S. Department of Labor’s website has spread over the weekend to nine more websites worldwide, including one operated by a major European aerospace, defense, and security company, along with several non-profit organizations and institutions.

The attacks leverage a previously unknown and unpatched vulnerability in Microsoft’s Internet Explorer browser. Researchers have linked this campaign to a China-based hacking group known as “DeepPanda.” Security firm CrowdStrike reports that their investigations indicate the attack commenced in mid-March. Analysis of malicious infrastructure logs revealed visitor IP addresses from 37 different countries, with 71% based in the U.S., 11% in South/Southeast Asia, and 10% in Europe.

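The visitor-IP analysis described above is the kind of forensic pass a responder runs on a compromised site's web server logs: isolate the requests for the injected resource during the campaign window, deduplicate client addresses, and tally them by country to understand who was exposed. The following is an added example, not code from the original article or from CrowdStrike; it assumes a combined-format access log, a hypothetical injected path `/static/inject.js`, a campaign start date chosen for the demo, and a small constructed prefix-to-country table standing in for a real GeoIP database.

```python
"""Tally distinct visitor IPs in a compromised site's access log by country.

Added example, not from the original article. Assumes Apache/nginx
"combined" log format and a hypothetical injected resource path; the
country lookup table is constructed for the demo and stands in for a
real GeoIP database a responder would use in practice.
"""
import ipaddress
import re
from collections import Counter
from datetime import datetime, timezone

# Combined log format: client ip, ident, user, [timestamp], "request", status, size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample log lines (documentation address ranges only).
SAMPLE_LOG = """\
203.0.113.5 - - [14/Mar/2013:09:12:01 +0000] "GET /index.html HTTP/1.1" 200 5120
203.0.113.5 - - [14/Mar/2013:09:12:02 +0000] "GET /static/inject.js HTTP/1.1" 200 812
198.51.100.7 - - [15/Mar/2013:11:03:44 +0000] "GET /static/inject.js HTTP/1.1" 200 812
192.0.2.44 - - [16/Mar/2013:22:40:10 +0000] "GET /static/inject.js HTTP/1.1" 200 812
203.0.113.5 - - [17/Mar/2013:08:00:00 +0000] "GET /static/inject.js HTTP/1.1" 200 812
203.0.113.9 - - [17/Mar/2013:09:15:00 +0000] "GET /static/inject.js HTTP/1.1" 200 812
203.0.113.12 - - [18/Mar/2013:10:30:00 +0000] "GET /static/inject.js HTTP/1.1" 200 812
192.0.2.45 - - [01/Mar/2013:08:00:00 +0000] "GET /static/inject.js HTTP/1.1" 200 812
198.51.100.9 - - [18/Mar/2013:08:00:00 +0000] "GET /static/inject.js HTTP/1.1" 404 210
"""

# Hypothetical campaign start used to bound the search window (constructed).
CAMPAIGN_START = datetime(2013, 3, 10, tzinfo=timezone.utc)

# Constructed prefix-to-country table; a real investigation would use GeoIP data.
GEO_TABLE = [
    (ipaddress.ip_network("203.0.113.0/24"), "US"),
    (ipaddress.ip_network("198.51.100.0/24"), "SG"),
    (ipaddress.ip_network("192.0.2.0/24"), "DE"),
]


def country_for(ip):
    """Longest-prefix-free lookup against the constructed table; '??' if unknown."""
    addr = ipaddress.ip_address(ip)
    for net, cc in GEO_TABLE:
        if addr in net:
            return cc
    return "??"


def parse_line(line):
    """Parse one combined-format line; return None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return {"ip": m["ip"], "ts": ts, "path": m["path"], "status": int(m["status"])}


def exposed_visitors(log_text, path, since):
    """Distinct client IPs that successfully fetched `path` at or after `since`.

    Requests before the campaign window and non-200 responses are ignored,
    since those visitors were not served the injected content.
    """
    ips = set()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["path"] == path and rec["status"] == 200 and rec["ts"] >= since:
            ips.add(rec["ip"])
    return ips


def country_breakdown(ips):
    """Map country code -> (distinct visitor count, rounded percentage of total)."""
    counts = Counter(country_for(ip) for ip in ips)
    total = sum(counts.values())
    return {cc: (n, round(100 * n / total)) for cc, n in counts.items()}


if __name__ == "__main__":
    exposed = exposed_visitors(SAMPLE_LOG, "/static/inject.js", CAMPAIGN_START)
    print(f"{len(exposed)} distinct visitors exposed")
    for cc, (n, pct) in sorted(country_breakdown(exposed).items()):
        print(f"  {cc}: {n} ({pct}%)")
```

The window bound and the 200-status filter matter: a visitor whose request predates the injection, or who received an error, was never served the exploit, so counting them would inflate the exposure figure that drives victim notification.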

The implications of this attack are significant for any organization responsible for defending its own environment. The initial access vector is the browser vulnerability itself: visitors who reached one of the compromised sites with a vulnerable Internet Explorer 8 were exposed to the exploit, which gives the adversary a foothold on the victim's system. Once inside, the adversary may have established persistence on the compromised hosts, retaining access over time and opening the way to data exfiltration and other malicious activity.

In light of this incident, organizations should map their defenses against the full range of tactics in the MITRE ATT&CK framework. The most relevant here are initial access, persistence, and privilege escalation, which together describe how an adversary moves through a compromised environment. Depending on the severity and sophistication of the attack, organizations should assess their security posture thoroughly and confirm that appropriate defenses are in place.

Business owners need to stay alert to similar vulnerabilities as they arise, which underscores the importance of timely patch management and well-rehearsed incident response procedures. Cyber hygiene must be part of everyday operations, both to mitigate current threats and to protect against future attacks on unpatched systems.
