Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
Security The Military

IE Zero-Day Exploit Used In Attack Targeting Military Intelligence 58

Posted by samzenpus
from the protect-ya-neck dept.
wiredmikey writes "Security researchers from FireEye have discovered a new IE 10 Zero-Day exploit (CVE-2014-0322) being used in a watering hole attack on the US Veterans of Foreign Wars' website. According to FireEye, attackers compromised the VFW website and added an iframe to the site's HTML code that loads the attacker's page in the background. When the malicious code is loaded in the browser, it runs a Flash object that orchestrates the remainder of the exploit. Dubbed 'Operation SnowMan' by FireEye, the attack targets IE 10 with Adobe Flash. According to a recently-released report from CrowdStrike Strategic Web Compromises (SWC), where attackers infect strategic Websites as part of a watering hole attack to target a specific group of users, were a favorite attack method for groups operating out of Russia and China. FireEye believes the attackers behind the campaign, thought to be operating out of China, are associated with two previously identified campaigns: Operation DeputyDog and Operation Ephemeral Hydra. 'A possible objective in the SnowMan attack is targeting military service members to steal military intelligence,' FireEye said."
This discussion has been archived. No new comments can be posted.

IE Zero-Day Exploit Used In Attack Targeting Military Intelligence

Comments Filter:

Real Users find the one combination of bizarre input values that shuts down the system for days.

Working...