Attackers exploited Microsoft security hole before company’s announcement

Published 8 May 2014

Before Microsoft alerted its customers to a security flaw affecting Windows XP over a week ago, a group of advanced hackers had already discovered the vulnerability and used it against targeted financial, energy, and defense companies.

As the New York Times reports, researchers with the security firm FireEye “watched as the attackers shared their exploit with a separate attack group, which began using the vulnerability to target companies.”

Darien Kindlund, the director of threat intelligence at FireEye, told the paper that “There was a notable increase in proliferation.”

The methods used to exploit the vulnerability were not new; the attacks were a specific type of “watering hole attack,” in which “hackers infect a popular website with malware, then wait for victims to click to the site and infect their computers.”

Additionally, Kindlund said that “FireEye believed the two attack groups were nation-state sponsored. While he said the company did not yet have conclusive evidence, based on the group’s previous campaigns it was believed they were operating from China.”

The security flaw affected all versions of Microsoft’s Internet Explorer browser. To make matters worse, Microsoft had ended its support of Windows XP a month prior, so XP machines could remain vulnerable indefinitely: the patches that normally arrive automatically during a product’s support period would no longer be issued for them.

Lastly, the Times also mentioned the unusual public spat between FireEye and rival NSS Labs, the latter having criticized FireEye’s performance relative to competing platforms in its testing. FireEye responded by saying that NSS Labs’ “test environment did not reflect real-world threats.”

“It’s hard to model and test for that in any controlled way,” Kindlund said, addressing the past critiques. “Clearly there’s a disconnect between what’s happening in the real world and what’s currently being tested.”