CFR watering hole attack also targets Capstone Turbine Corporation

Last week the Council on Foreign Relations (CFR) website was compromised and used in a drive-by attack exploiting a zero-day Internet Explorer 6 vulnerability, part of a cyber-espionage attack suspected to be the work of Chinese hackers. Microsoft later confirmed that Internet Explorer 6, 7, and 8 are vulnerable to remote code execution.
According to researcher Eric Romang, the CFR watering hole attack (CVE-2012-4969 and CVE-2012-4792) has also targeted the Capstone Turbine Corporation website since mid-September. He was able to find a cached version of the first JavaScript that starts the drive-by attack. On further searching, he found that the Google dork site:capstoneturbine.com “_include” returns something strangely similar to the CFR.org “news_14242aa.html” file.
Capstone Turbine Corporation is the world’s leading producer of low-emission microturbine systems, and was first to market with commercially viable microturbine energy products. Capstone Turbine has shipped thousands of Capstone MicroTurbine systems to customers worldwide.
Jindrich Kubec, director of Threat Intelligence at Avast, confirmed the presence of an exploit on the Capstone Turbine Corporation site in September: “I wrote to Capstone Turbine on 19th Sep about the Flash exploit stuff they were hosting. They never replied. And also not fixed”
Eric presents many pieces of evidence from urlQuery and VirusTotal results that confirm the compromise of this new target, and he suggests, “Potentially the guys behind CVE-2012-4969 and CVE-2012-4792 are the same.”
Fortunately, Microsoft has come up with a patch, so the new year will have a safe start after all.