An Internet Explorer Zero Day is a part of a new operation called SnowMan targeting U.S. military personnel.
The Zero Day exploit, which impacts IE 9 and 10, on the website of the U.S. Veterans of Foreign Wars (vfw.org), said researchers at FireEye.
The sophisticated group of cybercriminals behind this attack target high-profile organizations. They’ve previously attacked U.S. government entities, defense industrial base companies, law firms, Japanese companies, and NGOs. They’ve also targeted IT and mining companies, mostly by relying on remote access Trojans (RATs).
Microsoft confirmed the existence of the exploit. The company advises customers to update Internet Explorer to version 11 to protect themselves against such attacks.
“We believe the attack is a strategic Web compromise targeting American military personnel amid a paralyzing snowstorm at the U.S. Capitol in the days leading up to the Presidents Day holiday weekend. Based on infrastructure overlaps and tradecraft similarities, we believe the actors behind this campaign are associated with two previously identified campaigns (Operation DeputyDog and Operation Ephemeral Hydra).”
Additional technical details on the IE Zero Day exploit and the SnowMan campaign are available on FireEye’s blog.