An espionage group is spreading a remote access trojan (RAT) and other malware with the help of three recently patched vulnerabilities in Java and Internet Explorer.
A collective dubbed the “Sunshop Group” is behind the malicious activities and has compromised several websites, including ones for Korean military and strategy think tanks and a Uyghur news and discussion forum, among others, according to a Monday blog post from Ned Moran, a researcher at FireEye.
According to Moran, the Sunshop Group also infected the Nobel Peace Prize's website back in 2010, using a Firefox zero-day in that instance.
In recent Sunshop attacks, users visiting compromised sites are redirected to a malicious page at a site called “Sunshop” – hence researchers' name for the group.
At the Sunshop site, victims download a RAT known as "Lady Boyle" and additional malware, which includes backdoor trojans.