A new Internet Explorer 10 zero-day exploit targets US Military Intelligence. Hackers are exploiting a zero-day vulnerability in Microsoft’s Internet Explorer (IE) 10 to target US military personnel in an active attack campaign called “Operation Snowman”.
The vulnerability, tracked as CVE-2014-0322, was discovered by security researchers from FireEye, who dubbed the campaign “Operation Snowman”. The campaign is believed to be operating out of China. This type of attack typically involves the compromise of a specific website in order to target a group of visitors known to frequent it.
The hackers added an IFRAME at the beginning of the “U.S. Veterans of Foreign Wars” website’s HTML code, which loads the attacker’s page in the background and infects visitors. When the attacker’s code is loaded within the IE 10 browser, a Flash object runs that downloads, decodes and executes an XOR-encoded payload from a remote server.
Malwarebytes researcher Jerome Segura tested the exploit and was able to reproduce a successful infection on Windows 7 with Internet Explorer 10 and the latest version of the Flash Player.
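
A site-owner check for the kind of tampering described above, as an added example that is not from the original article: it parses a page's served HTML and reports every IFRAME whose source host is not on the site's allowlist. The host names, the sample pages and the `audit_page` helper are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse


class IframeAuditor(HTMLParser):
    """Collects every <iframe> whose src points at a host outside the allowlist."""

    def __init__(self, allowed_hosts):
        super().__init__()
        self.allowed_hosts = {h.lower() for h in allowed_hosts}
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        attr = {name: (value or "") for name, value in attrs}
        src = attr.get("src", "").strip()
        host = (urlparse(src).hostname or "").lower()
        # Relative URLs carry no host and stay on the site's own origin.
        if host and host not in self.allowed_hosts:
            line, _ = self.getpos()
            self.findings.append({"line": line, "host": host, "src": src})


def audit_page(html, allowed_hosts):
    """Return one finding per iframe that loads content from an unlisted host."""
    auditor = IframeAuditor(allowed_hosts)
    auditor.feed(html)
    auditor.close()
    return auditor.findings


# Constructed sample data: hosts the (hypothetical) site legitimately embeds.
ALLOWED = ["www.site.example", "video.partner.example"]

CLEAN_PAGE = """<html><body>
<iframe src="/embed/calendar.html"></iframe>
<iframe src="https://video.partner.example/player"></iframe>
</body></html>"""

# Same page with an unexpected iframe prepended to the start of the HTML.
TAMPERED_PAGE = (
    '<iframe src="http://unknown-host.example/index.html"></iframe>\n' + CLEAN_PAGE
)

if __name__ == "__main__":
    for name, page in (("clean", CLEAN_PAGE), ("tampered", TAMPERED_PAGE)):
        print(name, audit_page(page, ALLOWED))
```

Running it on a schedule against the HTML the server actually returns, rather than the files in the repository, is what catches markup injected after deployment.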