Zerosecurity

IE Zero-Day Attacks Linked to Hidden Lynx

by Paul Anderson
September 24, 2013 - Updated on September 28, 2013
in Exploits, Public, Security

The campaign has been dubbed ‘Operation DeputyDog’ and is believed to have begun as early as August 19. According to FireEye, the attackers behind the operation may be the same ones involved in last year’s attack on Bit9, a group that researchers at Symantec recently identified as a hacking crew called Hidden Lynx.

On Sept. 17, Microsoft warned that attackers were using an Internet Explorer zero-day in small, targeted attacks and published a FixIt tool to protect users.

According to Microsoft, the exposure exists in the way that Internet Explorer accesses an object in memory that’s been deleted or hasn’t been properly allocated. The vulnerability could corrupt memory in a way that could permit an attacker to execute code in the context of the current user within IE.

“Despite the targeted nature of these attacks, the exploit identifies numerous language packs (en, zh, fr, de, ja, pt, ko, ru) and software versions, which it uses to specify the correct ROP chain,” FireEye noted in a blog post. “Commented-out code suggests that the exploit initially targeted IE8 XP users, and IE8 and IE9 Windows 7 users who also had MS Office 2007 installed. In our tests, we observed that the exploit ran successfully on systems running both MS Office 2007 and 2010.”

“This group doesn’t just limit itself to a handful of targets; instead it targets hundreds of different organizations in many different regions, even concurrently,” Symantec’s Security Response Team blogged. “Given the breadth and number of targets and regions involved, we infer that this group is most likely a professional hacker-for-hire operation that is contracted by clients to provide information. They steal on demand, whatever their clients are interested in, hence the wide variety and range of targets.”

“Upon performing filename similarity analysis from DTI [FireEye’s Dynamic Threat Intelligence], we looked for equivalent payload filenames likely used in these attacks on August 23, 2013, where the filename would have likely been img20130823.jpg,” FireEye noted. “Sure enough, we find a matching reference in DTI, where the malicious executable was hosted on a server in Hong Kong at 210.176.3.130/it/img20130823.jpg.”
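The date-stamped filename FireEye describes can be hunted for retrospectively in web-proxy logs. The sketch below is an added example, not code from FireEye, Symantec or the original article; the log layout, hostnames, client addresses and function names are constructed for illustration, and the regular expression generalises the single filename quoted above.

```python
import re
from datetime import datetime
from urllib.parse import urlsplit

# Pattern generalised from the one filename the article quotes (img20130823.jpg).
DATED_IMG = re.compile(r"^img(\d{8})\.jpg$", re.IGNORECASE)

def filename_date(url):
    """Return the date embedded in an img<YYYYMMDD>.jpg basename, else None."""
    path = urlsplit(url if "://" in url else "http://" + url).path
    m = DATED_IMG.match(path.rsplit("/", 1)[-1])
    if not m:
        return None
    try:
        return datetime.strptime(m.group(1), "%Y%m%d").date()
    except ValueError:          # eight digits that are not a calendar date
        return None

def is_disguised_pe(head):
    """True when the first bytes of a file served as .jpg are a PE 'MZ' header."""
    return head[:2] == b"MZ"

def hunt(log_lines, max_skew_days=1):
    """Return (client, url, file_date) for dated-image fetches near the request day."""
    hits = []
    for line in log_lines:
        # Assumed layout: timestamp client method url status
        ts, client, _method, url, _status = line.split()[:5]
        fdate = filename_date(url)
        if fdate is None:
            continue
        req_day = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").date()
        # The quoted analysis ties the filename date to the day of the attack.
        if abs((req_day - fdate).days) <= max_skew_days:
            hits.append((client, url, fdate.isoformat()))
    return hits

# Constructed proxy log lines (hosts and addresses are documentation placeholders).
SAMPLE_LOG = [
    "2013-08-23T02:14:07Z 192.0.2.15 GET http://files.example.net/it/img20130823.jpg 200",
    "2013-08-23T02:15:40Z 192.0.2.22 GET http://cdn.example.org/photos/img_0042.jpg 200",
    "2013-08-24T09:01:12Z 192.0.2.15 GET http://files.example.net/it/img20139999.jpg 404",
    "2013-08-24T11:30:55Z 192.0.2.31 GET http://blog.example.com/img20110101.jpg 200",
]

if __name__ == "__main__":
    for hit in hunt(SAMPLE_LOG):
        print(hit)
```

A hit is only a lead: confirming it means retrieving the cached or captured response and checking its leading bytes with `is_disguised_pe`, since a genuine JPEG begins with `FF D8 FF` rather than `MZ`.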

Tags: FireEye, Hidden Lynx, Symantec