Latest IE attacks connected to espionage group

Share this article:

Symantec has linked exploits that leverage a new zero-day vulnerability in Internet Explorer to the group responsible for a spate of recent espionage attacks.

Dubbed the "Elderwood Project" by Symantec, the gang's work is responsible for at least four remote code execution vulnerabilities that were discovered in 2012 and used to spread malware to visitors of websites such as Amnesty International Hong Kong, according to a post Thursday from Symantec Security Response.

While the attackers used spear phishing emails in the past, researchers are now seeing the emergence of “watering hole” tactics being used – where they compromise websites that are frequented by employees working at targeted companies, or even lower-tier organizations, like manufacturers, in the defense supply chain.

The latest zero-day was used as part of a so-called "watering hole" attack against the website for the policy think tank Council on Foreign Relations, the influential membership group that helps shape U.S. foreign policy.

About two weeks ago, the site was hijacked with malicious JavaScript to serve an Adobe Flash exploit, which in turn triggered a heap-spray attack, according to researchers at security firm FireEye. The malware was delivered to users whose operating system language was set to English, Chinese, Japanese, Korean or Russian.

The Elderwood attacks kicked off in 2010, when Google, Adobe and about 30 other high-profile companies said they were hit by sophisticated attacks believed to have been launched by Chinese adversaries looking to steal intellectual property.

"It has become clear that the group behind the Elderwood Project continues to produce new zero-day vulnerabilities for use in watering hole attacks and we expect them to continue to do so in the New Year," according to Symantec.
Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

Email promises free pizza, ensnares victims in Asprox botnet instead

Email promises free pizza, ensnares victims in Asprox ...

Cloudmark came upon an email that offers free pizza, but clicking on the link to get the coupon ends with victims being ensnared in a botnet.

Report: most orgs lacking in response team, policies to address cyber incidents

In its Q3 threat intelligence report, Solutionary learned that 75 percent of organizations it assisted had no response team or policies and procedures to address cyber incidents.

Flash redirect campaign impacts Carnegie Mellon page, leads to Angler EK

Flash redirect campaign impacts Carnegie Mellon page, leads ...

Malwarebytes found that, since early July, thousands of sites had been targeted in the campaign.