The Elderwood Project, which Symantec Corp. has been linked to attacks on defence supply chains and IT services, is behind the finding of latest Internet Explorer zero-day vulnerability, according to the security software firm.
“After revisiting previous attacks, we have been able to confirm that the latest Internet Explorer zero-day is a continuation of the Elderwood Project,” according to Symantec’s official blog.
A three-year investigation into the group by Symantec has linked Elderwood to the theft of intellectual property from North America’s defence industry supply chain. The hackers are believed to be behind 678 attacks against 216 United Sates-based organizations and 86 attacks 35 Canadian organizations.
Symantec also believes the Elderwood group may be behind a the May 2012 attack on the Hong Kong Web site of Amnesty International as well as an attack last month on the Web site of a U.S.-based think tank.
The security firm said Elderwood hackers’ modus operandi involves the use of “seemingly an unlimited number” zero-day exploits and attacks on supply chain manufacturers who service the target organization.
Lately, Symantec said, the group has also shifted to so-called watering hole attacks which involve compromising certain Web sites likely to be visited by the target organization.
“It has become clear that the group behind the Elderwood Project continues to produce new zero-day vulnerabilities for use in water hole attacks and we expect them to continue doing so in the New Year,” Symantec said.