FireEye, a well-known security firm, has discovered a targeted and complex attack that it believes to be directed at US military employees. FireEye is referring to this specific attack as “Operation SnowMan”.
The attack was hosted on a compromised site, that of the U.S. Veterans of Foreign Wars (VFW). Webpages on the site were altered to incorporate code that exploited a zero-day vulnerability in Internet Explorer 10 on systems that also have Adobe Flash Player.
The specific vulnerability is in Internet Explorer 10; however, the exploit works with a malicious Flash object, along with a callback from that Flash object to the vulnerability trigger in JavaScript. FireEye says it is in contact with Microsoft concerning the vulnerability.
The campaign was initially revealed on February 11. FireEye believes that the exploit had been placed on the VFW site so it could be discovered by US military personnel, and that the attack was carried out to coincide with a long holiday weekend as well as the major snowstorm that hit the eastern United States recently.
FireEye has also reached the conclusion that this is the same group that has carried out other high-value attacks, specifically Operation DeputyDog and Operation Ephemeral Hydra.