Security researcher Eric Romang continues to investigate attacks

May 14, 2013 11:06 GMT

Experts continue to investigate the recent US Department of Labor (DOL) watering hole attack that involved at least nine websites. Security researcher Eric Romang has found that the cybercriminals behind the campaign have also targeted employees of the US Agency for International Development (USAID).

One of the nine websites involved in the DOL watering hole attack is that of the University Research Co. of Cambodia (urccambodia.org).

Romang found that at least two social media accounts – one Twitter and one Facebook account – were used by the cybercriminals to lure employees of USAID to urccambodia.org in an effort to trick them into installing a variant of the Poison Ivy malware.

On Twitter, the attackers posted several tweets between March 18 and April 10, many of which directly addressed official USAID Twitter accounts.

On Facebook, the cybercriminals created a bogus profile that appeared to belong to a woman named Kelly Black. They copied a picture from the web and made the profile look like that of a woman working for USAID.

The crooks managed to befriend several individuals from USAID and started posting links that allegedly led to “a new project.”

AlienVault experts, the ones who first spotted the DOL attack, say that the command and control protocol used in the campaign matches the one used by a Chinese hacker group dubbed DeepPanda.

Microsoft has released a Fix It, and a permanent patch will be issued later today for the Internet Explorer 8 vulnerability exploited in these attacks. However, the attackers have had enough time to leverage the security hole.

In addition, considering that many users fail to keep their software updated, the attackers might be able to leverage it for quite some time.