In this time two different groups of sophisticated attackers were able to exploit the vulnerability, which affected all versions of Internet Explorer.While there is not yet any conclusive proof as to the group’s identity, a director at FireEye believes that based on previous campaigns the two attack groups were state-sponsored and operating in China. Darien Kindlund, director of threat research at FireEye, told IBTimes UK. “Based on previous research, China would be the obvious source of attacks.“ According to Kindlund and FireEye, the first wave of attacks targeted US and Europe-based companies in the defence and financial services industry, most likely for the purpose of obtaining corporate secrets and stealing intellectual property. The second wave of attacks went after hi-tech and energy firms, also based in Europe and the US. The target companies have not been identified. State-sponsored attacks on NGOs.In a blogpost issued just before the Internet Explorer vulnerability was discovered, FireEye noted that China, along with Russia and Iran, was known to have existing and growing cyber operations to support their government’s political agendas. “Over the last few years, we have observed China-based advanced persistent threat (APT) groups frequently target US-based non-governmental organisations (NGOs),” said Jen Weedon, a research analyst at FireEye. The reason to target NGOs in this instance is because such organisations are perceived as instruments of US government policy.“Unsurprisingly, they were organisations with programmes that touched on Chinese human rights, democratic reforms and social issues,” Weedon added. Two-way street Related Chinese Government Cyber Attacks on US Targets Resume Verizon Traces Half of Cyber Espionage Attacks to East Asia China ‘Launched’ Cyber Attack on Israeli Defence Targets The Chinese government has consistently denied charges laid against it in relation to carrying out such attacks, instead accusing the US government of carrying out cyber espionage. Last year, security company Mandiant published a report detailing the activities of a group of hackers within China’s People’s Liberation Army who had allegedly stolen sensitive data from hundreds of US companies and government agencies. Following the report, a US government spokesperson said: “This is something we are going to have to come back at time and again with the Chinese leadership.” The latest Internet Explorer-focussed attacks are now “comprehensively” covered by Microsoft’s security patch, however Kindlund warned that many systems may still be vulnerable. “A non-trivial problem is whether people actually get the patch,” Kindlund said. “Those without automatic updates need to ensure they have it, while unlicensed Windows XP users will be permanently vulnerable.“ Source: IBTIMES.
