'Operation Hangover' hackers exploit latest Windows zero-day
Indian gang ups its game with targeted attacks that rely on malicious Word docs
Computerworld - The unpatched vulnerability in Windows that Microsoft acknowledged on Tuesday has been used by a known Indian hacker group responsible for earlier "Operation Hangover" attacks, security company Symantec said yesterday.
The gang behind Operation Hangover is believed to be based in India, and the bulk of the first round of cyber-espionage attacks, which were discovered in May, were aimed at its neighbor and long-time adversary Pakistan.
"After analyzing the payloads being used in this attack, we have identified that the targeted emails are part of an attack campaign known as Operation Hangover," Symantec said in a blog, referring to the newest campaign that relies on the Microsoft zero-day vulnerability to hijack and infect Windows PCs.
Microsoft issued a security alert Tuesday, saying that a vulnerability in the TIFF image-format parsing component of Windows was being exploited in attacks aimed at targets in the Middle East and South Asia, the latter region representing countries like India and Pakistan.
The attacks Symantec captured used malicious Word documents attached to emails with subject headings such as "Illegal Authorization for Funds Transfer" and "Problem with Credit September 26th 2013."
It was the first time that the Hangover group has used a zero-day vulnerability in its attacks, Symantec said.
Researcher Haifei Li of security company McAfee was the first to find and report the unpatched bug to Microsoft. The Redmond, Wash., company's security team was alerted of the vulnerability Oct. 31.
According to Li, the exploit uses multiple XML objects to "spray the heap memory," a technique more than a decade old, to uncover sections of memory suitable for use by the actual attack code.
"It is worth [noting] that this heap-spraying in Office via ActiveX objects is a new exploitation trick which we [haven't] seen before," Li wrote earlier this week.
Microsoft's own researchers confirmed the ActiveX-based head-spray tactic in a detailed description published on its Security Research & Defense blog Tuesday.
This article, 'Operation Hangover' hackers exploit latest Windows zero-day, was originally published at Computerworld.com.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed . His email address is email@example.com.
Read more about Malware and Vulnerabilities in Computerworld's Malware and Vulnerabilities Topic Center.
- Mobile First: Securing Information Sprawl Learn how the partnership between Box and MobileIron can help you execute a "mobile first" strategy that manages and secures both mobile apps...
- Cybersecurity Imperatives: Reinvent your Network Security The Rise of CyberSecurity
- Surescripts Case Study- Securing Keys and Certificates Surescripts implemented Venafi's Trust Protection Platform™ to secure digital keys and certificates, ensure the privacy and confidentiality of electronic clinical information for its...
- Ponemon 2014 SSH Security Vulnerability Report According to research by the Ponemon Institute, 3 out of 4 enterprises have no security controls in place for SSH which leaves organizations...
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities.
- Deep Dive into Advanced Networking and Security with Hybrid Cloud Security and networking are among the top concerns when moving workloads to the cloud. VMware vCloud® Hybrid Service™ enables you to extend your... All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!