Attackers exploiting a zero-day vulnerability CVE-2013-3893 in Microsoft’s Internet Explorer browser and served them on compromised popular Japanese news websites.
According to FireEye, at least three major Japanese media websites were compromised in watering hole attacks, dubbed Operation DeputyDog, appears to target manufacturers, government entities and media organizations in Japan.
The compromised sites recorded more than 75,000 page views before the exploits were discovered. The zero-day vulnerability in IE 8 and 9 allows the stealthy installation of software in the users’ computers which then can be remotely accessed by the hackers.
The hackers typically use Trojans designed specifically for a pay-to-order attack to steal intellectual property. Researchers saw a payload executable file used against a Japanese target posing as an image file hosted on a Hong Kong server.
FireEye also claimed the group responsible for DeputyDog is the same one that compromised security firm Bit9 back in February 2013. FireEye did not disclose which sites were infected, but said that Japanese computer security authorities were working with the media outlets to remediate the issue.
Microsoft released a FixIt tool and urged IE users to install that as a mitigation until a patch was ready.