Become a fan of Slashdot on Facebook


Forgot your password?
Slashdot Deals: Deal of the Day - 6 month subscription of Pandora One at 46% off. ×
Security The Military

IE Zero-Day Exploit Used In Attack Targeting Military Intelligence 58

wiredmikey writes "Security researchers from FireEye have discovered a new IE 10 Zero-Day exploit (CVE-2014-0322) being used in a watering hole attack on the US Veterans of Foreign Wars' website. According to FireEye, attackers compromised the VFW website and added an iframe to the site's HTML code that loads the attacker's page in the background. When the malicious code is loaded in the browser, it runs a Flash object that orchestrates the remainder of the exploit. Dubbed 'Operation SnowMan' by FireEye, the attack targets IE 10 with Adobe Flash. According to a recently-released report from CrowdStrike Strategic Web Compromises (SWC), where attackers infect strategic Websites as part of a watering hole attack to target a specific group of users, were a favorite attack method for groups operating out of Russia and China. FireEye believes the attackers behind the campaign, thought to be operating out of China, are associated with two previously identified campaigns: Operation DeputyDog and Operation Ephemeral Hydra. 'A possible objective in the SnowMan attack is targeting military service members to steal military intelligence,' FireEye said."
This discussion has been archived. No new comments can be posted.

IE Zero-Day Exploit Used In Attack Targeting Military Intelligence

Comments Filter:

Honesty is for the most part less profitable than dishonesty. -- Plato