Microsoft Patches Windows Bug Exploited By ‘Chinese Hackers’

Microsoft has patched a zero-day vulnerability affecting Internet Explorer 9 and above on Windows that was allegedly used in a Chinese espionage group’s attempt to hack US military and financial services firms.

The flaw was used in conjunction with a separate zero-day flaw in Adobe Flash, a plot uncovered by security firms Invincea and iSight Partners when a computer on the US Defense Industrial Base network visited the infected news website Forbes late last year.

Adobe patched the Flash vulnerability on 9 December, but all parties agreed to remain quiet until Microsoft issued an update for Windows earlier this week.

Targeted attack

It is thought that Forbes’ Flash-based ‘Thought of the Day’ widget, which appears whenever any user visits the website, was compromised at least between 28 November and 1 December. Once a machine was infected, the malware then targeted other vulnerable systems on the network.

Invincea’s threat protection software detected the infected machines on the military network, even though the infection was caused by a zero-day flaw and the network already had “several” layers of security. However, the security firm says no data was stolen as a result of the infection.

The group known as ‘Codoso’ has been blamed for the attack, with iSight saying many elements of it were consistent with previous Chinese hacking attempts. It noted that the malware contained elements written in simplified Chinese and bore a resemblance to variants of ‘Derusbi’ – a type of malware unique to Chinese cyber espionage operations.

Chinese espionage

In addition, the command and control server used a domain leveraged in several previous Chinese cyber espionage attempts, and at least three additional sites hosted the same exploit prior to its public disclosure, including sites dealing with issues associated with the Uighur minority and Hong Kong democracy.

Both security firms have said that although huge numbers of users could have been infected, given the high popularity of the Forbes website, this was a highly targeted attack.

“Given the highly trafficked Forbes.com website, the exploit could have been used to infect massive numbers of visitors,” said Invincea. “In fact it was not used for that purpose. Across Invincea’s large footprint of over 20,000 firms, Invincea and iSIGHT can confirm only certain US Defense and financial services firms were targeted with this exploit from Forbes.com during this time period.”

“The collaboration between Invincea and iSIGHT and responsible disclosure with Microsoft demonstrates the power of intelligence integration with advanced threat protection tools in protecting organisations everywhere.”

Microsoft has been highly critical of Google for automatically exposing two flaws in Windows 8.1 because they hadn’t been patched within 90 days of discovery. Microsoft says it asked Google to delay disclosure as a patch was in development, but this obviously did not occur.

Steve McCaskill

Steve McCaskill is editor of TechWeekEurope and ChannelBiz. He joined as a reporter in 2011 and covers all areas of IT, with a particular interest in telecommunications, mobile and networking, along with sports technology.
