May 6, 2013
US Nuclear Researchers Targeted Via Zero-Day Flaw In Internet Explorer 8
Michael Harper for redOrbit.com — Your Universe Online
A zero-day flaw has been found in Microsoft's Internet Explorer 8 (IE8), a four-year-old version of the company's popular web browser. Security experts and Microsoft alike have confirmed the flaw, which Chinese hackers have been using to target US nuclear researchers in watering-hole attacks.
According to security experts at Invincea, the Department of Labor (DoL) website was compromised on May 1 to redirect visitors to a website that exploited the Internet Explorer vulnerability and installed the Poison Ivy backdoor Trojan. Invincea notes the hackers were using the DoL's website to lure in larger targets, a method typical of watering-hole attacks.
Microsoft has since acknowledged the flaw, saying the vulnerability has not been found in other versions of the browser, namely versions 6, 7, 9 and 10. The company said it is working on a patch for the flaw, though it did not estimate when the fix would ship. In the meantime, those who use IE8 are urged to upgrade to IE9 or IE10.
In an earlier blog post, Invincea claimed that the vulnerability used by these hackers was an already-patched flaw from an earlier version of IE8. Invincea later determined that the flaw is new and therefore still unpatched. The security firm also explained how the hackers used a watering-hole technique to reach a larger target.
“First, the web pages that were compromised on the DoL site are intended for Dept of Energy employees (and their DoL representatives) in dealing with nuclear-related illnesses linked to Dept of Energy facilities and the toxicity levels at each location,” wrote Eddie Mitchell in Friday's blog post. “As such this compromise is now widely believed to be a watering hole attack that involves compromising one Federal Dept (DoL) to target another (DoE).”
Mitchell also points out that other security labs have traced the attacks back to “DeepPanda,” a group of hackers believed to be located in China which carries out espionage attacks on other countries.
“We are actively working with partners in our Microsoft Active Protections Program (MAPP) to provide information that they can use to provide broader protections to customers,” reads Microsoft's Security Advisory about this flaw. “In addition, we are actively working with partners to monitor the threat landscape and take action against malicious sites that attempt to exploit this vulnerability.”
While potentially dangerous, the vulnerability is not thought to pose a threat to the general public, as the hackers have so far targeted only government websites and nuclear researchers.
Those wanting to protect themselves from this vulnerability are nonetheless urged to enable a firewall, install anti-malware software and apply all available software updates. IE8 users can also use Microsoft's Enhanced Mitigation Experience Toolkit (EMET) to add extra layers of protection; Microsoft routinely recommends EMET whenever flaws are discovered in its software.
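The advice above is aimed at the endpoint. On the network side, the attack pattern described in this story (a visitor to a trusted site is quietly referred to an unfamiliar host, which then serves an exploit and drops a binary) leaves a recognisable trail in web-proxy logs. The following script is an added illustration, not code from the article, from Invincea or from Microsoft. The client addresses, the unfamiliar hostnames, the allow-list of expected third-party hosts and the log lines are all constructed for the example; only the dol.gov domain comes from the story, and the time window and executable suffixes are assumptions a defender would tune to their own environment.

```python
"""Heuristic watering-hole detection over constructed proxy-log lines.

Added example, not from the redOrbit article.  Flags a client that, shortly
after visiting a trusted site, fetches content from a host it was referred to
by that site but which is not on the expected third-party list, and escalates
if that host then serves an executable.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlparse

# Site the story names as the compromised watering hole.
TRUSTED_HOSTS = {"www.dol.gov"}
# Hypothetical allow-list: third-party hosts the trusted site legitimately uses.
KNOWN_EXTERNAL = {"fonts.example-cdn.net"}
# Assumed tuning values for the heuristic.
EXEC_SUFFIXES = (".exe", ".dll", ".scr")
WINDOW = timedelta(minutes=5)

# Constructed log lines: timestamp client host path referer status
SAMPLE_LOG = """\
2013-05-01T10:00:01 10.1.2.3 www.dol.gov /owcp/energy/index.htm - 200
2013-05-01T10:00:02 10.1.2.3 fonts.example-cdn.net /site.css http://www.dol.gov/owcp/energy/index.htm 200
2013-05-01T10:00:03 10.1.2.3 cdn-lookup.example.invalid /js/init.js http://www.dol.gov/owcp/energy/index.htm 200
2013-05-01T10:00:06 10.1.2.3 cdn-lookup.example.invalid /update/svchost.exe http://cdn-lookup.example.invalid/js/init.js 200
2013-05-01T10:02:00 10.1.2.9 www.dol.gov /owcp/energy/index.htm - 200
2013-05-01T10:02:01 10.1.2.9 fonts.example-cdn.net /site.css http://www.dol.gov/owcp/energy/index.htm 200
2013-05-01T10:03:00 10.1.2.7 news.example.invalid /index.html - 200
"""


def parse_line(line):
    """Split one whitespace-delimited log record into a dict."""
    ts, client, host, path, referer, status = line.split()
    return {"ts": datetime.fromisoformat(ts), "client": client, "host": host,
            "path": path, "referer": referer, "status": int(status)}


def referer_host(referer):
    """Hostname of the Referer URL, or None when the field is '-'."""
    return None if referer == "-" else urlparse(referer).hostname


def find_watering_hole_chains(lines):
    """Return (client, finding, host) tuples in log order."""
    last_trusted = {}              # client -> time of last trusted-site visit
    suspects = defaultdict(set)    # client -> unfamiliar hosts it was referred to
    findings = []
    for line in lines:
        if not line.strip():
            continue
        rec = parse_line(line)
        client, host = rec["client"], rec["host"]
        if host in TRUSTED_HOSTS:
            last_trusted[client] = rec["ts"]
            continue
        if host in KNOWN_EXTERNAL:
            continue
        # Referral from the trusted site to a host we do not expect, soon after the visit.
        seen = last_trusted.get(client)
        if (referer_host(rec["referer"]) in TRUSTED_HOSTS and seen is not None
                and rec["ts"] - seen <= WINDOW):
            suspects[client].add(host)
            findings.append((client, "unfamiliar-referral", host))
        # The unfamiliar host goes on to serve an executable: escalate.
        if host in suspects[client] and rec["path"].lower().endswith(EXEC_SUFFIXES):
            findings.append((client, "binary-download", host))
    return findings


if __name__ == "__main__":
    for client, kind, host in find_watering_hole_chains(SAMPLE_LOG.splitlines()):
        print(f"{client}: {kind} via {host}")
```

Only the first client trips the heuristic: it is referred from www.dol.gov to a host outside the allow-list and then pulls an executable from it. The second client touches only the trusted site and a known CDN, and the third visits an unknown host with no referral from the trusted site, so neither is flagged. In practice the allow-list would be built from a baseline of the trusted site's normal third-party dependencies, and the "binary-download" escalation is the point at which to pull the endpoint for triage.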
Invincea also sells its own antivirus and anti-malware software and notes that its users are already protected against this specific vulnerability.