Active attacks targeting a critical vulnerability in older versions of Microsoft's Internet Explorer browser have been carried out by an experienced gang of hackers. And over the past four years, the group has penetrated the defenses of Google and dozens of other companies using similar zero-day exploits.
The latest attack, which works against IE versions 6, 7, and 8, was found late last month on CFR.org and Capstoneturbine.com, according to a variety of researchers (including Eric Romang and those from the FireEye Malware Research Lab). Such "watering hole" attacks get their name because they attempt to plant drive-by exploits into sites frequented by the people the attackers hope to infect, similar to a hunter targeting its prey as it drinks water.
According to a report issued late last week by researchers from antivirus provider Symantec, the attackers are none other than the Elderwood Gang. That's the same group that used a potent zero-day vulnerability in IE in 2010 to breach the defenses of Google and 34 other companies. As Ars reported in September, Elderwood operatives have since wielded a seemingly unlimited number of previously unknown exploits, mainly in an espionage campaign aimed at collecting source code, engineering blueprints, and other forms of intellectual property.
"It has become clear that the group behind the Elderwood Project continues to produce new zero-day vulnerabilities for use in watering hole attacks and we expect them to continue to do so in the new year," the Symantec researchers wrote in their most recent report. The number of infected machines remains limited, indicating that the attack is highly targeted.