The Council on Foreign Relations (CFR) wasn't the only target of the recently discovered watering hole attack that leveraged a zero-day vulnerability in Internet Explorer. It appears that the Capstone Turbine Corporation, a world-leading microturbine systems producer, is also a victim.According to security researcher Eric Romang, the organization’s website was set up to host the exploit since at least December 18.
However, this isn't the first time when cybercriminals compromised the systems of Capstone Turbine Corporation. The site has been hosting a similar IE exploit since at least September 2012.
Unfortunately, Capstone Turbine Corporation is not very responsive to cyber security reports. Despite the fact that it was warned by avast! experts of the presence of the exploit on its systems since September, the company failed to do anything about it.
Microsoft has released a temporary fix for the Internet Explorer vulnerability and they advise all users to apply it as soon as possible to protect themselves against such attacks.