"During the last few hours we have identified that the US Department of Labor website has been hacked and it is serving malicious code," he said. Blasco said that the company is still in the process of investigating the attack, but that it is clearly designed for espionage.
"All we know is the following: the attackers gained access to the US Department of Labor website. They modified some files in the website so when a user visits the website some malicious code will be loaded from a malicious server. This malicious code collects information about the victim's system (Software installed, versions, etc)," Blasco told V3.
He said the firm has also detected a second function in the attack code, instructing it to target a patched vulnerability in Microsoft's Internet Explorer.
"If the vulnerability is exploited a backdoor is installed in the system. That backdoor communicates with a malicious server and the attackers can actually send orders to the system such as uploading and downloading files, executing commands, installing new malware," he explained.
The attack sends the hackers useful information, such as which security programmes the infected system has and which Java and Flash versions are being used. The attackers could use this information to improve the effectiveness of future attacks on the infected machines.
AlienVault reported tracking the attack to China, adding further fuel to the war of words going on between it and the US. The two countries have accused one another of mounting attacks on their networks for several years.
This reached new heights earlier this year when security firm Mandiant reported linking an advanced cyber campaign targeting the US government to a Chinese military unit.
More recently, Verizon claimed in its Data Breach Investigations Report 2013 that Chinese hackers are responsible for 96 percent of the world's active cyber espionage campaigns. China has consistently denied all allegations, saying cyber attacks are a problem that all governments face.