Reports are coming in this week that Microsoft's Internet Explorer zero-day (CVE-2013-3893), which remains unpatched, has been exploited for at least three months now.
Microsoft first acknowledged the vulnerability earlier this month, and has issued one of their "Fix It" tools to help contain the dangers until a full patch is released.
Researchers at FireEye say the attacks can be tied to a Chinese hacking group and have been aimed at Japanese organizations.
Says researcher Alex Watson of Websense: "Our ThreatSeeker Intelligence Cloud reported a potential victim organization in Taiwan attempting to communicate with the associated malicious command and control server as far back as July 1, 2013. These C&C communications predate the widely-reported first use of this attack infrastructure by more than six weeks, and indicate that the attacks from this threat actor are not just limited to Japan."
"Websense Threat Intelligence indicates that the threat actor's attacks were not limited only to Japan as previously reported. The use of separate IP addresses, domain registrations, and permutations to dropper locations indicates a high degree of segmentation between attacks and different teams using the same tool sets, exploits and C&C infrastructure."
Visitors using IE 8 or 9, on Windows XP or 7, were being redirected to the exploit page and served with a malicious file.