Site icon IT World Canada

Symantec links Elderwood hackers to IE zero-day

The Elderwood Project, which Symantec Corp. has been linked to attacks on defence supply chains and IT services, is behind the finding of latest Internet Explorer zero-day vulnerability, according to the security software firm.

Late December, Microsoft rush to roll out a quick fix on a critical vulnerability in IE 6, 7 and 8 following a series of cyber espionage attacked delivered via drive-by downloads. Microsoft said the vulnerability may corrupt PC memory and allow attackers to execute code by convincing a user to visit an infected Web site which could enable the attacker to gain control of the user’s machine.
 
Symantec diagram of a watering hole attack

“After revisiting previous attacks, we have been able to confirm that the latest Internet Explorer zero-day is a continuation of the Elderwood Project,” according to Symantec’s official blog.

A three-year investigation into the group by Symantec has linked Elderwood to the theft of intellectual property from North America’s defence industry supply chain. The hackers are believed to be behind 678 attacks against 216 United Sates-based organizations and 86 attacks 35 Canadian organizations.

Symantec also believes the Elderwood group may be behind a the May 2012 attack on the Hong Kong Web site of Amnesty International as well as an attack last month on the Web site of a U.S.-based think tank.

RELATED CONTENT

Microsoft issues quick fix for IE8 vulnerability

The security firm said Elderwood hackers’ modus operandi involves the use of “seemingly an unlimited number” zero-day exploits and attacks on supply chain manufacturers who service the target organization.

Lately, Symantec said, the group has also shifted to so-called watering hole attacks which involve compromising certain Web sites likely to be visited by the target organization.

“It has become clear that the group behind the Elderwood Project continues to produce new zero-day vulnerabilities for use in water hole attacks and we expect them to continue doing so in the New Year,” Symantec said.

Read Symantec report on Elderwood Project here

 

Exit mobile version