Three New APTs Spotted Piling On IE Zero Day

Attackers are continuing to pile on a critical Internet Explorer zero day that remains unpatched two weeks after it was reported.

During the last two weeks, it appears that at least three separate targeted attack campaigns have been using the same bug previously used by Operation Deputy Dog, a campaign that wound up compromising Japanese media outlets and tech systems in the middle of September.

Researchers at FireEye initially discovered the DeputyDog campaign – which leveraged the CVE-2013-3893 vulnerability – a little over a week ago. Now word comes that three other, unconnected campaigns, Taidoor, th3bug and Web2Crew, are also using the same exploit.

Web2Crew was spotted on September 25 using the Internet Explorer vulnerability to drop the remote access Trojan PoisonIvy onto machines – some belonging to a financial institution. While the exploit was hosted on a server in Taiwan, an IP address from Hong Kong was used to host its command and control server, an IP address that FireEye associated with Web2Crew during the month of August.

Thanks to the CVE-2013-3892 vulnerability, Taidoor, a type of malware that was seen compromising victims in Taiwan over the summer, surfaced on a Taiwanese government website on Sept. 26.