FireEye researchers have analyzed the campaign which they've dubbed SnowMan
A sophisticated group of cybercriminals, the same one that previously conducted the DeputyDog and Ephemeral Hydra campaigns, is using an Internet Explorer zero-day in a new operation dubbed SnowMan.
Security researchers from FireEye have spotted the zero-day exploit, which impacts IE 9 and 10, on the website of the US Veterans of Foreign Wars (vfw.org). Experts believe that this is part of an attack targeting US military personnel.
The cybercriminals behind this attack are known for targeting high-profile organizations. They’ve previously attacked US government entities, defense industrial base companies, law firms, Japanese companies, and NGOs. They’ve also targeted IT and mining companies, mostly by relying on remote access Trojans (RATs).
Microsoft has confirmed the existence of the exploit. The company advises customers to update Internet Explorer to version 11 to protect themselves against such attacks.
Additional technical details on the IE zero-day exploit and the SnowMan campaign are available on FireEye’s blog.