updated 10:58 am EDT, Sat May 4, 2013
Attack targeted nuclear weapons workers accessing health information
A US Department of Labor website tailored for nuclear weapons researchers has been compromised, redirecting visitors to a series of alternative websites. If the accessor was using Windows XP and Internet Explorer 8, the culmination of the attack inserted the "Poison Ivy" malware onto the computer, giving access to the user's data by "DeepPanda", a group of hackers believed to be located in China.
Microsoft has confirmed the code execution flaw in Internet Explorer 8. The ultimate fix for the issue is migration to a newer version of the browser, all that have fixes for the flaw. If an upgrade isn't possible, Microsoft advises users to set Internet and local intranet security zone settings to "High" to block ActiveX Controls and Active Scripting in these zones, and to configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and local intranet security zones. Both settings would require "white listing" trusted sites.
"For users of IE8, there is no patch currently available and with this exploit being out in the wild, the potential risk for damage is high" said researchers from security firm Invincea in an initial report on Wednesday.
The webpages that were affected provided information on illnesses suffered by personnel developing atomic weapons, making it a likely target for a "watering hole" attack. The websites have since been repaired, and law enforcement is looking into the matter.