Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 that came to light after the Council on Foreign Relations website was hacked and was hosting the code. Symantec has linked exploits to the group responsible for a spate of recent espionage attacks Dubbed the "Elderwood Project".
In May 2012, Amnesty International’s Hong Kong website was compromised & used to serve up a malicious SWF file that exploited CVE-2012-1875, a vulnerability affecting Internet Explorer. A few months later in Sep 2012, the same group behind that attack was responsible for using another IE zero-day CVE-2012-4969.
Microsoft issued a temporary Fix-it patch for the vulnerability but now researchers are claiming that they have bypassed the patch and were able to compromise a fully patched system. Name comes from a source code variable used by the attackers. In the past, the group has used a mix of spear-phishing emails and watering hole attacks to infect vulnerable systems and has a lengthy history of using zero-day bugs as part of their attacks.
The group, believed to be based in China, has targeted U.S. defense contractors and their partners in the supply chain, including manufacturers of mechanical components. The latest zero-day was used as part of a so-called "watering hole" attack against the website for the policy think tank Council on Foreign Relations, the influential membership group that helps shape U.S. foreign policy.
Microsoft is working on a full patch for the flaw, which, unfortunately, will not make it in time for next week's Patch Tuesday monthly round of Microsoft updates.
About the Author: