Gang behind Elderwood Project exploiting Internet Explorer zero-day

News by Dan Kaplan

Symantec has linked exploits that leverage the zero-day vulnerability in Internet Explorer to the group responsible for a spate of recent espionage attacks.

Symantec has linked exploits that leverage the zero-day vulnerability in Internet Explorer to the group responsible for a spate of recent espionage attacks.

Dubbed the ‘Elderwood Project' by Symantec, it said that the gang's work is responsible for at least four remote code execution vulnerabilities that were discovered in 2012 and used to spread malware to visitors of websites such as Amnesty International Hong Kong.

The gang was also responsible for attacks in January 2010 on several targets, including on Google, which later became known as operation Aurora.

While the attackers used spear phishing emails in the past, researchers are now seeing the emergence of ‘watering hole' tactics being used – where they compromise websites that are frequented by employees working at targeted companies, or even lower-tier organisations, such as manufacturers in the defence supply chain.

The latest zero-day was used as part of a so-called ‘watering hole' attack against the website for the policy think-tank Council on Foreign Relations, the influential membership group that helps shape US foreign policy.

Symantec said: “It has become clear that the group behind the Elderwood Project continues to produce new zero-day vulnerabilities for use in watering hole attacks and we expect them to continue to do so in the New Year.”

Topics:

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Upcoming Events