Attacks exploiting an unpatched Internet Explorer flaw continue to rise, as researchers uncovered campaigns involving a compromised government website and an unnamed financial institution.
Experts predicted attacks would increase in frequency since exploit code was made publicly available last month, and FireEye said it has seen at least three separate hacker groups using the vulnerability.
Fresh research has uncovered an actor known as Web2Crew, who was responsible for an attempt on a financial body, using the flaw to get the PoisonIvy malware on the target’s machines. PoisonIvy is traditionally used in advanced attacks designed to pilfer information and spy on victims, rather than earn money.
Another hacker group compromised the Taiwanese government website to serve up an exploit of the flaw, dropping the Taidoor malware.
A malicious actor called th3bug was seen exploiting the flaw in multiple attacks, dropping the PoisonIvy malware.
Whilst these attacks are advanced persistent threats (APTs), which typically target government bodies and large private businesses, FireEye expects exploits of the Internet Explorer zero-day to filter down the food chain.
“We expect that CVE-2013-3893 will continue to be handed down to additional APT campaigns and may eventually find its way into the cyber crime underground,” the security firm said in a blog post.
“ It is not uncommon for zero-day exploits to be handed down to additional APT campaigns after they have already been used.”
Meanwhile, the Internet Explorer exploit has been added to the Metasploit framework, meaning hackers, ethical or no, can easily use it.
Microsoft’s temporary fix can be found here.
How much do you know about information security? Try our quiz and find out!
British regulator invites feedback on major partnerships Microsoft and Amazon have struck with smaller AI…
Another 20 staff have been fired by Google over Israel protest and their “completely unacceptable…
Censorship row brewing down under, after the Australian Prime Minister calls Elon Musk an 'arrogant…
Financial regulator asks New York judge to impose $5.3 billion in fines against Terraform Labs…
Lightweight artificial intelligence model launched this week by Microsoft, offering more cost-effective option for Azure…
ByteDance protest falls on deaf ears, as Senate passes TikTok ban or divest bill, with…