The website of the Council on Foreign Relations was compromised and recently hit by a drive-by attack that was detected earlier this week. The hackers, suspected to be from China, are exploiting a zero-day Internet Explorer vulnerability in a cyber espionage attack against one of America's most elite foreign policy web groups.
According to FireEye researchers, the hackers hosted malicious content on the website that exploits Internet Explorer version 8.0 (fully patched version) to hack the Windows systems of visitors. "We have chosen not to release the technical details of this exploit, as Microsoft is still investigating the vulnerability at this time."
Once a system is compromised, the hackers look for valuable information on the victim's computer, a form of cyber espionage. The FBI was notified of the attack and is said to be investigating. The CFR is one of the most elite foreign policy organizations in the United States with a membership of some 4,700 officials, former officials, journalists, and others. Its members include NBC anchor Brian Williams, Hollywood actress Angelina Jolie, and former Sen.
The firm also confirmed that the malicious code was planted on the server using the Mandarin Chinese language. In the description parameter of the MD5 of the malicious files, they found the simplified Chinese <文件说明>, which translates to <File Description>.
The security specialists believe the attackers either removed their malicious software to prevent further details of the attack from being discovered, or CFR was able to isolate the software and remove it.
A similar Internet Explorer vulnerability was behind the major Aurora cyber attack on Google and other U.S. corporations that began in 2009 and was traced to China's government.
David Mikhail, a Council on Foreign Relations spokesman, said, "The Council on Foreign Relations' website security team is aware of the issue and is currently investigating the situation. We are also working to mitigate the possibility for future events of this sort."