A Chinese hacking group that hit Bit9 earlier this year seems to be taking advantage of the Internet Explorer Zero Day just discovered and has been targeting Japanese organizations, researchers said.
This new campaign has been targeting Japanese organizations since August 19, and the attackers have been using a C&C infrastructure that appears similar to the one used in the attack on Bit9, said researchers at FireEye.
Some of the malware samples they discovered and analyzed were compiled on August 19.
Microsoft issued a Fix it for the vulnerability on September 17, and has confirmed the zero-day affects all supported versions of Internet Explorer.
In the meantime, SANS’ Internet Storm Center (ISC) raised their threat level to “yellow”, following “increased evidence of exploits in the wild regarding Microsoft Security Advisory 2887505.”
ISC handler Russ McRee said Rapid7 is also likely to release a Metasploit exploit for the flaw soon.
“To mitigate the risk of exploitation from this issue, install EMET 4.0, configure it to force ASLR, and enable a number of heap spraying and ROP protections,” said Ross Barrett, senior manager of security engineering at Rapid7. “Additionally, there is a ‘fixit’ available from Microsoft which will attempt to modify the system to prevent exploitation,” he said.