Researchers from FireEye uncovered the attack and listed it as being a part of a wider campaign, codenamed "Operation Clandestine Fox". FireEye reported uncovering the IE vulnerability earlier this week.
The vulnerability affects IE6 through IE11 and can theoretically be used to exploit machines running Windows XP, 7 and 8.1. The original Operation Clandestine Fox attacks focused on targeting Windows 7 and 8.1 machines running IE9 through IE11. The new attacks target Windows XP machines running IE8.
Threat intelligence manager at FireEye Darien Kindlund told V3 the attacks have the same end goal as the earlier Windows 7 and 8 raids and are designed to infiltrate businesses involved in critical infrastructure areas.
"The XP attack is identical to the previously discovered vulnerability," said Kindlund. "It lets attackers gain remote access to compromised systems, and it appears to be used in targeted attacks against [the] defence, finance, and energy sectors."
The attacks' discovery comes just after Microsoft released a patch plugging the IE vulnerability which included a fix for Windows XP users. The fix comes less than a month after Microsoft officially ceased support for its decade-old Windows XP operating system (OS). Microsoft said the XP fix is a one-off, promising it will not release any further patches for the OS.
Kindlund told V3 the advanced nature of the attack makes tracking its origin difficult, but FireEye is operating under the assumption that it's state sponsored. "We don't have definitive evidence to link the attackers to a particular country of origin; however, we believe these attacks were sponsored by at least one nation state," said Kindlund.
State-sponsored cyber attacks have been a growing concern within the security community with new campaigns believed to be government funded and appearing on a near-monthly basis. For a look at the most dangerous state-sponsored cyber attacks check out V3's top 10 guide.
No comments:
Post a Comment