Slashdot Mirror


IE Zero-Day Exploit Used In Attack Targeting Military Intelligence

wiredmikey writes "Security researchers from FireEye have discovered a new IE 10 Zero-Day exploit (CVE-2014-0322) being used in a watering hole attack on the US Veterans of Foreign Wars' website. According to FireEye, attackers compromised the VFW website and added an iframe to the site's HTML code that loads the attacker's page in the background. When the malicious code is loaded in the browser, it runs a Flash object that orchestrates the remainder of the exploit. Dubbed 'Operation SnowMan' by FireEye, the attack targets IE 10 with Adobe Flash. According to a recently released report from CrowdStrike, Strategic Web Compromises (SWC), where attackers infect strategic Websites as part of a watering hole attack to target a specific group of users, were a favorite attack method for groups operating out of Russia and China. FireEye believes the attackers behind the campaign, thought to be operating out of China, are associated with two previously identified campaigns: Operation DeputyDog and Operation Ephemeral Hydra. 'A possible objective in the SnowMan attack is targeting military service members to steal military intelligence,' FireEye said."


  1. They use IE by Anonymous Coward · · Score: 2, Insightful

    And without any kind of Flash blocker? God they're even more stupid than I originally theorized.

  2. Its not soup yet by icebike · · Score: 3

    Every time I think Microsoft has their browser house in order, and it might be safe to use IE occasionally, stuff like this hits the fan.

    --
    Sig Battery depleted. Reverting to safe mode.
    1. Re: Its not soup yet by icebike · · Score: 4, Insightful

      IE, as of about version 9, is on par with other major browsers in terms of security. It only gets more publicity because, let's face it, it's IE, and still the most widely used browser.

      It depends on who you ask.

      http://gs.statcounter.com/ shows Chrome clearly in the lead.
      http://www.w3counter.com/globa... also shows Chrome leading.
      Wikimedia says Chrome leads http://stats.wikimedia.org/wik...

      Just because it's common doesn't mean it's used. And you don't see these stories about Firefox or Chrome, at least not many. And given the market share that Chrome enjoys you would expect to see many more stories.

      You've fallen for the old Microsoft lie:
      They insist We are attacked because we are popular.
      The real story is they are attacked because they are easy targets.

       

      --
      Sig Battery depleted. Reverting to safe mode.
    2. Re:Its not soup yet by Type44Q · · Score: 2

      IE Zero-Day Exploit Used In Attack Targeting Military Intelligence

      IE... Military Intelligence...

      Now I understand why those last two words are considered a blatant contradiction. :p

    3. Re:Its not soup yet by Anonymous Coward · · Score: 2, Insightful

      This exploit relies on TWO concurrent vectors: 1) You must be running and using IE10 (which has already been superseded by IE11, which is immune to this attack) and 2) You must have Adobe Flash installed.

      BOTH of these conditions are necessary for this attack to work. Anyone who has kept their updates up (and therefore has IE11), doesn't use Flash or has installed the EMET (http://technet.microsoft.com/en-us/security/jj653751) is immune to this attack which is, obviously, actually just ANOTHER Flash-based vulnerability! and yet you limit your spurious attacks to (an outdated version of) Internet Explorer (*surprise*) ...

      Clearly the same ole /. FUD factory continues spouting its age-old hypocrisy...

      -AC

  3. Sigh by ledow · · Score: 3, Insightful

    If military intelligence are using IE 10 with Flash enabled, they really need to drop the last half of their name.

    1. Re:Sigh by c0lo · · Score: 2

      If military intelligence are using IE 10 with Flash enabled, they really need to drop the last half of their name.

      ummm... somebody please explain how "US Veterans of Foreign Wars" equates to "military intelligence"

      (I mean, in other ways than "they were the one to survive, so they may not be stupid").

      --
      Questions raise, answers kill. Raise questions to stay alive.
    2. Re:Sigh by mgf64 · · Score: 2

      Military intelligence is an oxymoron.

  4. Re:"watering hole" attack by icebike · · Score: 2

    Not that new.
    It's been around since 2009 at least. The term is best explained by the above article.

    However the RSA has started slinging this name about in 2012.

    The hallmark is simply planting your malware where your targets often go.

    --
    Sig Battery depleted. Reverting to safe mode.
  5. Military intelligence by Anonymous Coward · · Score: 3, Funny

    Biggest oxymoron since Microsoft works.

  6. VFW? by smittyoneeach · · Score: 3, Insightful

    Dude, the VFW is substantially a drinking club for old warhorses.
    TFA is akin to saying the Commies infiltrated DFW to score information on the U.S. Air Force.
    YHBT. HAND.

    --
    Get thee glass eyes, and, like a scurvy politician, seem to see things thou dost not.--King Lear
    1. Re:VFW? by ValentineMSmith · · Score: 2

      Uhh... No.

      At least, not my post. And our post (and district, and department) are trying really really hard to break this old stereotype. Now, I'm not going to tell you that ethanol isn't ingested in a VFW club. But there's no drinking at a meeting, and many of the posts in our district are finding that those that live by the drinking club, die by the drinking club. Our post doesn't have a club, and we're in a much better financial position to help needy veterans and their families because of it.

      And leadership? Fully half the leadership of my post and district are Gulf War (or later) veterans.

      We exist to help each other and help other veterans. Period.

      The problem is that those stereotypes still persist, because people enjoy perpetuating them. And because, in a lot of instances, the VFW (and the American Legion) don't really go out of their way to announce what they're doing. They just do what needs to be done and walk away.

      We just don't drop the money on the advertising campaigns that Wounded Warrior Project does. If you take a look, though, at how much the CEO of WWP makes and compare that to the salary of the VFW National Commander (and American Legion National Commander), you'll see why most veterans' organizations are pretty irritated with WWP.

      --
      Karma: Chameleon - mostly influenced by bad '80s New Wave music
  7. Re:IE or Flash? by Zero__Kelvin · · Score: 2

    " Exploitation is aborted if the user is browsing with a different version of IE or has installed Microsoft’s Experience Mitigation Toolkit (EMET). "

    It is a Flash vulnerability, but they are only targeting IE version 10 sans EMET.

    --
    Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
  8. Really? by nospam007 · · Score: 2

    'US Veterans of Foreign Wars'

    Are there any others alive?

    1. Re:Really? by ltrand · · Score: 3, Informative

      Plenty of veterans have never been in a combat zone. The American Legion allows any veteran with an honorable discharge to join. The VFW requires time in a recognized foreign combat zone.

      So, while I could join the VFW because of my time in OIF, my uncle can't because he served during peace (80's & 90's) and did not see combat.

  9. Bad title by jodido · · Score: 2

    I think someone pointed this out already but let me emphasize--hacking the VFW for getting "military intelligence" suggests that the hackers know approximately zero about what the VFW is. First of all, a huge percentage of anyone with access to worthwhile military intelligence is not in the military at all. Second, the VFW--rtf initials--Veterans of Foreign Wars--and since very few Iraq or Afghanistan veterans ever joined, the average age is about 90. My first thought at reading this was that the hackers are from some very foreign country using MS Word for translation from English.