Security experts suspect that Chinese hackers are taking advantage of a zero-day flaw in Internet Explorer 8 to target United States nuclear researchers. The previously unknown vulnerability, which exists in Microsoft’s most popular browser, has been actively exploited against the U.S. Department of Labor and U.S. Department of Energy.
The Department of Energy’s Site Exposure Matrices website was hacked using this exploit. The site deals with nuclear-related illnesses linked to the agency’s employees who may have fallen ill developing or disarming nuclear weapons. No report has been made on whether any of the agency’s data has been stolen or compromised.
The Department of Labor website was also compromised by the hackers. Visitors to the website were redirected to another site that hosted malware. Once a person lands on the malware-ridden site, a Trojan is downloaded onto his or her computer. The Poison Ivy Trojan used in this case is linked to “DeepPanda” hackers who are reportedly operating from a base in China. Poison Ivy is one of the most popular Trojans used by hackers today. It works by siphoning documents from corporate or government networks.
It is believed that Chinese hackers are responsible for taking advantage of this exploit, which follows their similar attacks in 2012.
These attacks were first reported last Wednesday when Invincea, a Virginia-based online security company, detected that hackers were taking advantage of an exploit in IE8.
According to Eddie Mitchell, a security engineer at Invincea, “The exploit on the [Department of Labor] site appears to be exploiting a zero-day exploit affecting Internet Explorer 8 (IE8) only, [via a] use-after-free memory vulnerability that when exploited allows an attacker to remotely execute arbitrary code.”
Invincea was able to reproduce the attack on a computer running Windows XP with a fully updated IE8 browser. Security company FireEye was also able to reproduce the attack using a computer running Windows 7.
Microsoft has already issued a security advisory acknowledging this zero-day bug. The company says that only IE8 is affected by this bug and that other versions of its browser, such as IE9 and IE10, are not affected. All versions of IE8 are affected by this vulnerability, including those running on XP, Vista and Windows 7.
While the company is reportedly already working on a fix for this problem, no specific schedule has been set for its release. The next scheduled security update from the company is still on May 14, which hopefully will come with the fix.