Recently patched IE 0-day abused in APT attacks
Posted on 15 May 2014.
When Microsoft issued an out-of-band security update on May 1 to patch the zero-day Internet Explorer vulnerability, researchers from security company FireEye revealed that the bug was being actively exploited by attackers targeting US-based defense and financial firms.

At the time, they refrained from sharing more details about the attacks, but said that the attackers were after information and that they were a sophisticated group that "has been the first group to have access to a select number of browser-based 0-day exploits (e.g. IE, Firefox, and Flash) in the past."

"They are extremely proficient at lateral movement and are difficult to track, as they typically do not reuse command and control infrastructure. They have a number of backdoors including one known as Pirpi," they added.

A few days later, FireEye revealed that it had spotted new threat actors using the exploit in attacks, and that the industries being targeted had expanded.

Finally, at the AusCERT Conference taking place this week in Australia, the company confirmed that at least two Australian entities were also targeted in the same attacks, and that the group was given the exploit by a "digital quartermaster" operation whose existence FireEye postulated last year.

The APT group that performed the attacks is more than likely state-sponsored, FireEye engineering manager Rich Costanzo told The Register, and consists of various teams that perform different attacks.

"The Australian organisations were targeted by a section of the group called 'team B', which was less concerned with being identified by researchers and less meticulous in altering its attack techniques."









Copyright 1998-2014 by Help Net Security.