Latest IE attack brought by same gang that hacked Google

Enlarge / Identical typos in three separate zero-day attacks are one indication they were carried out by the same hacker gang, dubbed Elderwood.

Active attacks targeting a critical vulnerability in older versions of Microsoft's Internet Explorer browser have been carried out by an experienced gang of hackers. And over the past four years, the group has penetrated the defenses of Google and dozens of other companies using similar zero-day exploits.

The latest attack, which works against current IE versions of 6, 7, and 8, was found late last month on the CFR.org and Capstoneturbine.com, according to a variety of researchers (including Eric Romang and those from the FireEye Malware Research Lab). Such "watering hole" attacks get their name because they attempt to plant drive-by exploits into sites frequented by the people the attackers hope to infect, similar to a hunter targeting its prey as it drinks water.

According to a report issued late last week by researchers from antivirus provider Symantec, the attackers are none other than the Elderwood Gang. That's the same group that used a potent zero-day vulnerability in IE in 2010 to breach the defenses of Google and 34 other companies. As Ars reported in September, Elderwood operatives have since wielded a seemingly unlimited number of previously unknown exploits, mainly in an espionage campaign aimed at collecting source code, engineering blueprints, and other forms of intellectual property.

Read 6 remaining paragraphs | Comments