Latest IE attacks connected to espionage group

Share this article:

Symantec has linked exploits that leverage a new zero-day vulnerability in Internet Explorer to the group responsible for a spate of recent espionage attacks.

Dubbed the "Elderwood Project" by Symantec, the gang's work is responsible for at least four remote code execution vulnerabilities that were discovered in 2012 and used to spread malware to visitors of websites such as Amnesty International Hong Kong, according to a post Thursday from Symantec Security Response.

While the attackers used spear phishing emails in the past, researchers are now seeing the emergence of “watering hole” tactics being used – where they compromise websites that are frequented by employees working at targeted companies, or even lower-tier organizations, like manufacturers, in the defense supply chain.

The latest zero-day was used as part of a so-called "watering hole" attack against the website for the policy think tank Council on Foreign Relations, the influential membership group that helps shape U.S. foreign policy.

About two weeks ago, the site was hijacked with malicious JavaScript to serve an Adobe Flash exploit, which in turn triggered a heap-spray attack, according to researchers at security firm FireEye. The malware was delivered to users whose operating system language was set to English, Chinese, Japanese, Korean or Russian.

The Elderwood attacks kicked off in 2010, when Google, Adobe and about 30 other high-profile companies said they were hit by sophisticated attacks believed to have been launched by Chinese adversaries looking to steal intellectual property.

"It has become clear that the group behind the Elderwood Project continues to produce new zero-day vulnerabilities for use in watering hole attacks and we expect them to continue to do so in the New Year," according to Symantec.
Share this article:

Sign up to our newsletters

More in News

Medical transcription provider settles data security charges

GMR Transcription Services in California agreed to settle FTC charges related to its security practices.

Researcher hacks network connected devices in own home

Researcher hacks network connected devices in own home

In his own home, a researcher was able to hack various network connected devices that are not computers and mobile phones.

Study: Most higher ed malware infections attributed to 'Flashback'

Study: Most higher ed malware infections attributed to ...

Flashback caused a stir in 2012 when some 650,000 Macs were infected with the malware.