Showing posts with label CVE-2014-0322. Show all posts

Thursday, February 27, 2014

[crowdstrike] The French Connection: French Aerospace-Focused CVE-2014-0322 Attack Shares Similarities with 2012 Capstone Turbine Activity

Two weeks ago, news broke about strategic web compromise (SWC) activity on the website for the U.S. organization, Veterans of Foreign Wars (VFW). This activity leveraged exploit code for a zero-day vulnerability now identified as CVE-2014-0322 and ultimately infected victims with ZxShell malware. CrowdStrike Intelligence attributed this attack to the AURORA PANDA adversary; however, the discovery of additional indicators revealed that another adversary was leveraging the same vulnerability to carry out targeted attacks nearly a month before the VFW attack occurred. This other activity appears to be focused on French aerospace and shares similarities with a 2012 SWC campaign affecting the website of U.S.-based turbine manufacturer, Capstone Turbine.