English, Korean, Russian, Japanese and Chinese speaking users were targeted
Experts from security firm FireEye have analyzed the recent hack that affected the Council on Foreign Relations (CFR). Besides revealing the fact that an Internet Explorer zero-day has been used, researchers have also confirmed that the malware hosted on the CFR site was planted there as early as December 21.The malicious content was discovered on December 26, which means that the cybercriminals could have successfully infected the computers of a large number of users during that timeframe.
Initial reports said that users whose browsers were set to support the Chinese language were the main targets, but FireEye explains that other categories were targeted as well.
The exploit was served to all visitors who had set their browsers to languages such as English (US), Chinese (Taiwan), Chinese (China), Japanese, Korean or Russian.
Interestingly, the exploit utilized browser cookies to ensure that the malware would be served to each of the victims only once.