
IE Zero-Day Exploit Used In Attack Targeting Military Intelligence

Posted by samzenpus
from the protect-ya-neck dept.
wiredmikey writes "Security researchers from FireEye have discovered a new IE 10 Zero-Day exploit (CVE-2014-0322) being used in a watering hole attack on the US Veterans of Foreign Wars' website. According to FireEye, attackers compromised the VFW website and added an iframe to the site's HTML code that loads the attacker's page in the background. When the malicious code is loaded in the browser, it runs a Flash object that orchestrates the remainder of the exploit. Dubbed 'Operation SnowMan' by FireEye, the attack targets IE 10 with Adobe Flash. According to a recently-released report from CrowdStrike, Strategic Web Compromises (SWC), where attackers infect strategic Websites as part of a watering hole attack to target a specific group of users, were a favorite attack method for groups operating out of Russia and China. FireEye believes the attackers behind the campaign, thought to be operating out of China, are associated with two previously identified campaigns: Operation DeputyDog and Operation Ephemeral Hydra. 'A possible objective in the SnowMan attack is targeting military service members to steal military intelligence,' FireEye said."
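
The summary above describes an iframe added to a compromised site's HTML that loads a third-party page in the background. A site owner's check for that condition follows, as an added example that is not part of the original story or of FireEye's report; the function names, hostnames and sample HTML are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class _IframeCollector(HTMLParser):
    """Collects the attributes of every <iframe> start tag."""

    def __init__(self):
        super().__init__()
        self.frames = []

    def handle_starttag(self, tag, attrs):
        if tag == "iframe":
            self.frames.append({k: (v or "") for k, v in attrs})


def _looks_hidden(attrs):
    # Heuristic for "loads in the background": 0/1-pixel size or hiding CSS.
    style = attrs.get("style", "").replace(" ", "").lower()
    tiny = any(attrs.get(k, "").strip() in ("0", "1") for k in ("width", "height"))
    return tiny or "display:none" in style or "visibility:hidden" in style


def audit_iframes(html, page_url, allowed_hosts=()):
    """Return iframes whose resolved host is neither the page's own host
    nor on the allowlist of embeds the site owner actually deployed."""
    trusted = {urlsplit(page_url).hostname, *(h.lower() for h in allowed_hosts)}
    collector = _IframeCollector()
    collector.feed(html)
    findings = []
    for attrs in collector.frames:
        src = attrs.get("src", "")
        # urljoin resolves relative and protocol-relative (//host/path) sources.
        host = urlsplit(urljoin(page_url, src)).hostname
        if host not in trusted:
            findings.append({"src": src, "host": host, "hidden": _looks_hidden(attrs)})
    return findings


# Constructed sample page: one same-site frame, one approved embed, one injected frame.
SAMPLE_HTML = """
<html><body><h1>Member news</h1>
<iframe src="/widgets/calendar.html" width="300" height="200"></iframe>
<iframe src="https://player.video.example/embed/42" width="560" height="315"></iframe>
<iframe src="//injected.example.net/gate" width="1" height="1" style="visibility: hidden"></iframe>
</body></html>
"""

if __name__ == "__main__":
    for f in audit_iframes(SAMPLE_HTML, "https://www.example.org/news", ["player.video.example"]):
        print(f)
```

Run against the HTML the server actually returns, not the files on disk, since an injection can live in a template, a database field or an included script.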


  • They use IE (Score:2, Insightful)

    by Anonymous Coward

    And without any kind of Flash blocker? God they're even more stupid than I originally theorized.

  • by icebike (68054) on Friday February 14, 2014 @04:19AM (#46243785)

    Every time I think Microsoft has their browser house in order, and it might be safe to use IE occasionally, stuff like this hits the fan.

    • by Type44Q (1233630)

      IE Zero-Day Exploit Used In Attack Targeting Military Intelligence

      IE... Military Intelligence...

      Now I understand why those last two words are considered a blatant contradiction. :p

      • Since when has the VFW been a military intelligence agency? That's like saying the President keeps his confidential information off a link on the WhiteHouse.org public site or the FBI provides a link to their confidential information on their public site.

        • by Type44Q (1233630)

          Since when has the VFW been a military intelligence agency?

          I didn't RTFA (and so had no idea the VFW were involved), but... have you ever met those guys?? Fact is, if you're a Rambo-type, you've gotta be able to do it all yourself; strategy, combat, procurement/logistics... and intel.

          • The Veterans of Foreign Wars (VFW) is a non-profit support organization for veterans who have served in every war since 1899. It lobbies for veteran benefits while also organizing and participating in community service initiatives with military veterans. They were instrumental in creating the GI Bill of Rights in 1944. I have never forgotten what my grandfather once told me when I was 10 years old. We were driving past a VFW sign and I made the kind of joke a 10 year old makes and said "oh look it's the ve

  • Sigh (Score:4, Insightful)

    by ledow (319597) on Friday February 14, 2014 @04:25AM (#46243805) Homepage

    If military intelligence are using IE 10 with Flash enabled, they really need to drop the last half of their name.

    • by satuon (1822492)

      I run Chrome, but I've set the flash-plugin to be always-ask. That combines the best of both worlds - I still can watch flash videos if I want, at much less risk.

    • by c0lo (1497653)

      If military intelligence are using IE 10 with Flash enabled, they really need to drop the last half of their name.

      ummm... somebody please explain how "US Veterans of Foreign Wars" equates "military intelligence"

      (I mean, in other ways than "they were the one to survive, so they may not be stupid").

    • by mgf64 (1467083)
      Military intelligence is an oxymoron.
    • Military intelligence has always been an oxymoron, so this shouldn't surprise anyone.

  • by Anonymous Coward on Friday February 14, 2014 @04:56AM (#46243887)

    Biggest oxymoron since Microsoft works.

  • VFW? (Score:4, Insightful)

    by smitty_one_each (243267) * on Friday February 14, 2014 @05:54AM (#46244009) Homepage Journal
    Dude, the VFW is substantially a drinking club for old warhorses.
    TFA is akin to saying the Commies infiltrated DFW [dfwairport.com] to score information on the U.S. Air Force.
    YHBT. HAND.
    • by dbIII (701233)
      Since B52's are still in the air (for example) that may not actually be a bad idea.
    • by Anonymous Coward

      The VFW is also visited by current military members. Bigger yet are retirees that are now contractors. Those are targets.

    • by Mashdar (876825)

      While TFS is a bit overblown, the idea is that currently employed people might go to the VFW website. (vet != retired)

    • Uhh... No.

      At least, not my post. And our post (and district, and department) are trying really really hard to break this old stereotype. Now, I'm not going to tell you that ethanol isn't ingested in a VFW club. But there's no drinking at a meeting, and many of the posts in our district are finding that those that live by the drinking club, die by the drinking club. Our post doesn't have a club, and we're in a much better financial position to help needy veterans and their families because of it.

      And lead

  • News would be: no new exploits have been found in IE during the last year.
  • by westlake (615356)

    This is the VFW

    Robert H. Jordan VFW Post 7125 [vergavfw.org]

    and this is the VFW: Where the V.F.W. Is Both Tough and Feminine [nytimes.com]

  • How's that an IE vulnerability if it uses Flash as a vector? Are they adding the iFrame in a non-standard way that only IE is susceptible to?
    • "Exploitation is aborted if the user is browsing with a different version of IE or has installed Microsoft’s Experience Mitigation Toolkit (EMET)."

      It is a flash vulnerability, but they are only targeting IE version 10 sans EMET.

    • It's an IE vulnerability (use-after-free to bypass ASLR) that loads a flash-based payload. Just because the payload is in flash doesn't mean that the vulnerability is not in IE.
    • How's that an IE vulnerability if it uses Flash as a vector? Are they adding the iFrame in a non-standard way that only IE is susceptible to?

      More likely that since (squeaky Ballmer voice at anti-trust hearing) "Internet Explorer is an integral part of Microsoft Windows" that the exploit was able to tunnel out of Flash and into IE (acting as the container) and thence into Windows.

  • "They continue to under-promise and over-deliver. And that continues to be their sort of mantra."
    FireEye expects a loss of 51-56 cents per share for the quarter.

    Cybersecurity firm FireEye sees weak revenue, warns on costs [reuters.com] Feb 11

    95% of all networks are compromised. Is yours secure? [fireeye.com]

  • Intelligence? (Score:1, Insightful)

    by Zero__Kelvin (151819)
    They use IE and then wonder why we say "Military Intelligence" is an oxymoron?
  • by nospam007 (722110) * on Friday February 14, 2014 @08:37AM (#46244377)

    'US Veterans of Foreign Wars'

    Are there any others alive?

    • Re: (Score:3, Informative)

      by ltrand (933535)
      Plenty of veterans have never been in a combat zone. The American Legion allows any veteran with an honorable discharge to join. The VFW requires time in a recognized foreign combat zone.

      So, while I could join the VFW because of my time in OIF, my uncle can't because he served during peace (80's & 90's) and did not see combat.
  • by Anonymous Coward

    15 years since Microsoft announced they were going to take Security seriously in Windows? And there's been like what 10 major versions of Internet Explorer? (6 of which were since this big decision) And we're still seeing zero-day exploits coming out?

  • by jodido (1052890) on Friday February 14, 2014 @10:29AM (#46245163)
    I think someone pointed this out already but let me emphasize--hacking the VFW for getting "military intelligence" suggests that the hackers know approximately zero about what the VFW is. First of all, a huge percentage of anyone with access to worthwhile military intelligence is not in the military at all. Second, the VFW--rtf initials--Veterans of Foreign Wars--and since very few Iraq or Afghanistan veterans ever joined, the average age is about 90. My first thought at reading this was that the hackers are from some very foreign country using MS Word for translation from English.
