Internet Explorer 8 zero-day attack spreads on 9 other sites
The watering hole attack that exploited an Internet Explorer 8 zero-day on the US Department of Labor website last week spread to 9 more global websites over the weekend, including those run by a big European company operating in the aerospace, defense, and security industries, as well as non-profit groups and institutes.
Attacks exploiting a previously unknown and currently unpatched vulnerability in Microsoft's Internet Explorer browser have spread to at least. Researchers analyzing the attacks tie them to a China-based hacking group known as “DeepPanda”.
Security firm CrowdStrike said its researchers unearthed evidence suggesting that the campaign began in mid-March. Their analysis of logs from the malicious infrastructure used in the attacks revealed the IP addresses of visitors to the compromised sites.
The logs showed addresses from 37 different countries, with 71 percent of them in the US, 11 percent in South/Southeast Asia, and 10 percent in Europe.
Microsoft confirmed the remote code-execution vulnerability on Friday night. Versions 6, 7, 9, and 10 of the browser are immune to these attacks. Microsoft has simply suggested IE8 users upgrade to a newer version for now.
This is just the latest in a series of so-called “watering hole” attacks targeting government workers and political figures within the U.S. government. In January, a compromise at the website of The Council on Foreign Relations was widely seen as an effort to gain access to influential D.C. policymakers and officials. A similar incident affecting the website of The National Journal was reported in March.
In watering hole attacks, victims are not attacked directly. Rather, attackers compromise a trusted, third-party website that the intended targets are likely to visit, then launch a silent attack when those targets visit the site.