Sunday, March 26, 2017
Home / Security / Exploits / IE Zero-day targeting US Government

IE Zero-day targeting US Government

Fireeye, a well-known security firm has discovered a targeted and complex attack that they believe to be directed at US military employees. Fireeye is referring to this specific attack as “Operation SnowMan“.

The attack was hosted off a compromised site, the U.S. Veterans of Foreign Wars. Webpages on the site were altered to incorporate code which exploited an zero-day  vulnerability in Internet Explorer 10 on systems that also have Adobe Flash Player.

The specific vulnerability is in Internet Explorer 10, however it works with a malicious Flash object along with a callback from that Flash object to the vulnerability trigger in JavaScript. Fireeye says they’re in contact with Microsoft concerning the vulnerability.

The campaign was initially revealed on February 11. Fireeye believes thatit had been placed on the VFW site so it could be discovered by US military personnel, and that the attack was carried out to coincide using a long holiday weekend as well as the major snowstorm which hit the eastern United States recently.

Fireye has also reached the conclusion that this is the same group that has carried out other high-value attacks, specifically Operation DeputyDog and Operation Ephemeral Hydra.

About FastFlux

Owner of ZeroSecurity, interested in programming, malware analysis and penetration testing. If you would like to write for the ZeroSecurity team, please use the contact form above.

Check Also

Amazon hacked – hacker leaks 80,000 login credentials

A hacker going by the name 0x2Taylor has said to have breached the servers of …