Cybersecurity firm FireEye has found that hackers are using a vulnerability in Internet Explorer 10 that redirects people to a tainted website.
Hackers somehow penetrated the website for the US Veteran of Foreign Wars (VFW), a non-profit organization that helps US military veterans receive benefits, recognize them for their service, and much more. The hackers laced the VFW site with a less-than-kosher link that, when clicked, takes users to a website that contained some iffy code for Adobe Flash that specifically targets IE 10. The exploit was first identified by FireEye on February 11.
“We believe the attack is a strategic Web compromise targeting American military personnel amid a paralyzing snowstorm at the US Capitol in the days leading up to the Presidents Day holiday weekend,” writes FireEye in an official blog post. “Based on infrastructure overlaps and tradecraft similarities, we believe the actors behind this campaign are associated with two previously identified campaigns (Operation DeputyDog and Operation Ephemeral Hydra).”
FireEye believes that the same “actors” that are executing these attacks have also targeted other US government organizations, Japanese companies, IT firms, mining companies, non-governmental organizations, and more.
FireEye also stated that given their success in carrying out such attacks, these hackers will continue to make life miserable for their targets “in the mid to long-term.”
What do you think? Sound off in the comments below.
(Image via Flickr/US Army Africa)
