DoL Attack Hits Others

Wednesday, May 15, 2013 @ 04:05 PM gHale


Cyber criminals behind the U.S. Department of Labor (DoL) watering hole attack also targeted employees of the U.S. Agency for International Development (USAID) through social engineering, researchers said.

Among the nine websites involved in the DoL watering hole attack, one of the other attacks involves the University Research Co. of Cambodia (urccambodia.org), said security researcher Eric Romang.

One of the main attack vectors was social engineering: Romang found at least two social media accounts – one Twitter and one Facebook account – that the cybercriminals used to lure employees of USAID to urccambodia.org in an effort to trick them into installing a variant of the Poison Ivy malware.

On Twitter, the attackers posted several tweets between March 18 and April 10, many of which directly addressed official USAID Twitter accounts.

On Facebook, the cyber criminals created a bogus profile that appeared to belong to a woman named Kelly Black. They copied a picture from the web, and made the profile of a woman that appeared to be working for USAID.

The attackers managed to befriend several individuals from USAID and started posting links that “led to a new project.”

AlienVault experts, the ones who first spotted the DoL attack, said the command and control protocol used in the campaign matches the one used by a Chinese hacker group dubbed DeepPanda.

Microsoft released a patch for the Internet Explorer 8 vulnerability exploited in these attacks. However, the attackers have had enough time to leverage the security hole.
While Microsoft is urging users to patch or update to a new version, users often fail to keep their software updated, so attackers might be able to leverage it for quite some time.


