The logs showed addresses from 37 different countries, with 71 percent of them in the US, 11 percent in South/Southeast Asia, and 10 percent in Europe.
Microsoft confirmed the remote code-execution vulnerability on Friday night. Versions 6, 7, 9, and 10 of the browser are immune to these attacks. Microsoft has simply suggested IE8 users upgrade to a newer version for now.
This is just the latest in a series of so-called “watering hole” attacks targeting government workers and political figures within the U.S. government. In January, a compromise at the website of The Council on Foreign Relations was widely seen as an effort to gain access to influential D.C. policymakers and officials. A similar incident affecting the website of The National Journal was reported in March.
In watering hole attacks, victims are not attacked directly. Rather, attackers compromise a trusted, third-party website that the intended targets are likely to visit, then launch a silent attack when they visit the site.