Recently patched IE 0-day abused in APT attacks
Posted on 15 May 2014.
When Microsoft issued an out-of-band security update to patch the zero-day Internet Explorer vulnerability on May 1, researchers from security company FireEye revealed that the bug was being actively exploited by attackers targeting US-based defense and financial firms.

At the time, they refrained from sharing more details about the attacks, but said that the attackers were after information and that they are a sophisticated group that "has been the first group to have access to a select number of browser-based 0-day exploits (e.g. IE, Firefox, and Flash) in the past."

"They are extremely proficient at lateral movement and are difficult to track, as they typically do not reuse command and control infrastructure. They have a number of backdoors including one known as Pirpi," they added.

A few days later, FireEye revealed that it had spotted new threat actors using the exploit in attacks, and that the range of industries being targeted had expanded.

Finally, at the AusCERT Conference taking place this week in Australia, the company confirmed that at least two Australian entities were also targeted in the same attacks, and that the group had been given the exploit by a "digital quartermaster" operation whose existence they postulated last year.

The APT group that performed the attacks is more than likely state-sponsored, FireEye engineering manager Rich Costanzo shared with The Register, and consists of various teams that perform different attacks.

"The Australian organisations were targeted by a section of the group called 'team B', which was less concerned with being identified by researchers and less meticulous in altering its attack techniques."

