
US nuclear weapons researchers targeted with Internet Explorer virus

Published time: May 07, 2013 15:58

Hackers have exploited a flaw in the widely popular Internet Explorer browser that allowed them to target the computers of nuclear researchers within the United States.

The party responsible for the recently discovered security flaw in the IE 8 browser has yet to be identified, but researchers believe hackers employed a watering-hole attack to specifically target US government employees and contractors who browse a website regularly frequented by staffers in the nuclear sector.

Microsoft confirmed on Friday the existence of a zero-day code-execution exploit in IE 8 that, if not fixed, could allow hackers to install malware on a victim’s machine by employing so-called “drive-by attacks.” Indeed, the flaw was discovered only after an unknown number of computers became infected with a backdoor Trojan that was reportedly installed on the machines of web surfers who used IE 8 to navigate to a specific page on the US Department of Labor website.

“The Department of Labor site was rigged to redirect users to another site that infected computers with an iteration of the infamous ‘Poison Ivy’ Trojan, which was able to avoid detection by all but two major anti-virus products,” Ben Weitzenkorn wrote Monday for TechNews Daily.

According to Microsoft, "The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer.”

"An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website,” the company said.

Researchers aren’t sure yet who exploited the flaw and are still assessing any damages incurred by the issue, but they have managed to identify the single Department of Labor webpage that was compromised by hackers: the DoL’s Site Exposure Matrices (SEM) page, described by the agency as “a repository of information on toxic substances present at Department of Energy (DOE) and Radiation Exposure Compensation Act (RECA) sites.” The SEM page contains information about the links between toxic substances and recognized occupational illnesses, and was designed to be used by staffers routinely exposed to nuclear elements and other hazardous materials.

"The target of this attack appears to be employees of the Dept of Energy that likely work in nuclear weapons research," security company Invincea announced on their blog.

Speaking to NextGov, Invincea founder and former Defense Advanced Research Projects Agency program manager Anup Ghosh said, "We can infer the target of the attack are [Energy Department] folks in a watering hole style attack compromising one federal department to attack another.”

Suspects have yet to be identified, but watering hole attacks targeting specific groups of victims have been routinely used by state-sponsored cybercriminals in the past. Security firm AlienVault added that they believe the attack was carried out by "DeepPanda," a group of hackers alleged to have previously engaged in cyber espionage on behalf of the Chinese government.

Separate from the exploit, the Pentagon released on Monday a 92-page report, the 2013 “Military and Security Developments Involving the People’s Republic of China,” which discusses in detail the potential cybercrimes that could attack US computers courtesy of the Far East.

The Labor Department has since taken the SEM page down, but the damage may already have been done. Although the exploit in IE was only discovered last week, security firm CrowdStrike said its research led it to believe the campaign started in March and infected victims in 37 countries, primarily machines in the US. Only computers that used version 8 of Internet Explorer on Windows XP, Windows Vista or Windows 7 to navigate to the SEM page were vulnerable, but IE is the most widely used browser in America with a market share of roughly 42 percent, according to StatCounter’s April 2013 analysis.

Comments (12)

 

mergon 28.07.2014 09:39

If you have a comms corporation that run by people with names like ,sax/issacs/gold/bla um/you just know that you are and your information is /are unsafe !

 

Mike Martin 06.11.2013 20:16

NSA stupidity at its best. My son, who is 6, knows that IE is a piece of garbage and knows not to use that browser, but yet my nation's so-called experts are dumb enough to trust any Microsoft product? I wonder how much taxpayer dollars this will cost us. They'll probably end up on hold forever with East India tech support.

Anonymous user 08.05.2013 06:07

2013 still using IE
