Recently patched IE 0-day abused in APT attacks
Posted on 15 May 2014.
When Microsoft issued an out-of-band security update to patch the zero-day Internet Explorer vulnerability on May 1, researchers from security company FireEye revealed that the bug was being actively exploited by attackers targeting US-based defense and financial firms.

At the time, they refrained from sharing more details about the attacks, but said that the attackers were after information and that they are a sophisticated group that "has been the first group to have access to a select number of browser-based 0-day exploits (e.g. IE, Firefox, and Flash) in the past."

"They are extremely proficient at lateral movement and are difficult to track, as they typically do not reuse command and control infrastructure. They have a number of backdoors including one known as Pirpi," they added.

A few days later, FireEye revealed that it had spotted new threat actors using the exploit in attacks, and that the attackers had expanded the industries they were targeting.

Finally, at the AusCERT Conference taking place this week in Australia, the company confirmed that at least two Australian entities were also targeted in the same attacks, and that the group was given the exploit by a "digital quartermaster" operation whose existence FireEye postulated last year.

The APT group that performed the attacks is more than likely state-sponsored, FireEye engineering manager Rich Costanzo shared with The Register, and consists of various teams that perform different attacks.

"The Australian organisations were targeted by a section of the group called 'team B', which was less concerned with being identified by researchers and less meticulous in altering its attack techniques."








