Council on Foreign Relations Site Hosted Malicious Content Since December 21

English, Korean, Russian, Japanese and Chinese speaking users were targeted

By Eduard Kovacs on December 29th, 2012 11:34 GMT

Experts from security firm FireEye have analyzed the recent hack that affected the Council on Foreign Relations (CFR). Besides revealing that an Internet Explorer zero-day was used, researchers have also confirmed that the malware hosted on the CFR site was planted there as early as December 21.

The malicious content was discovered on December 26, which means that the cybercriminals could have successfully infected the computers of a large number of users during that timeframe.

Initial reports said that users whose browsers were set to support the Chinese language were the main targets, but FireEye explains that users with other browser language settings were targeted as well.

The exploit was served to all visitors who had set their browsers to languages such as English (US), Chinese (Taiwan), Chinese (China), Japanese, Korean or Russian.

Interestingly, the exploit utilized browser cookies to ensure that the malware would be served to each of the victims only once.