Latest IE attacks connected to espionage group

Share this article:

Symantec has linked exploits that leverage a new zero-day vulnerability in Internet Explorer to the group responsible for a spate of recent espionage attacks.

Dubbed the "Elderwood Project" by Symantec, the gang's work is responsible for at least four remote code execution vulnerabilities that were discovered in 2012 and used to spread malware to visitors of websites such as Amnesty International Hong Kong, according to a post Thursday from Symantec Security Response.

While the attackers used spear phishing emails in the past, researchers are now seeing the emergence of “watering hole” tactics being used – where they compromise websites that are frequented by employees working at targeted companies, or even lower-tier organizations, like manufacturers, in the defense supply chain.

The latest zero-day was used as part of a so-called "watering hole" attack against the website for the policy think tank Council on Foreign Relations, the influential membership group that helps shape U.S. foreign policy.

About two weeks ago, the site was hijacked with malicious JavaScript to serve an Adobe Flash exploit, which in turn triggered a heap-spray attack, according to researchers at security firm FireEye. The malware was delivered to users whose operating system language was set to English, Chinese, Japanese, Korean or Russian.

The Elderwood attacks kicked off in 2010, when Google, Adobe and about 30 other high-profile companies said they were hit by sophisticated attacks believed to have been launched by Chinese adversaries looking to steal intellectual property.

"It has become clear that the group behind the Elderwood Project continues to produce new zero-day vulnerabilities for use in watering hole attacks and we expect them to continue to do so in the New Year," according to Symantec.
Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

SEDNIT malware delivered in 'Operation Pawn Storm'

SEDNIT malware delivered in 'Operation Pawn Storm'

Military, governments and media from around the world are targets in a campaign identified by Trend Micro.

Malvertising impacts Yahoo, AOL visitors, spreads ransomware

Malvertising impacts Yahoo, AOL visitors, spreads ransomware

The malvertising campaign is serving CryptoWall 2.0, researchers at Proofpoint revealed.

Federal Trade Commission appoints new chief technologist

The government agency has announced Ashkan Soltani as its new chief technologist, according to a release.