Operation SnowMan: DeputyDog actor compromises US veterans of foreign wars website

(Publication) Google search: [1]

Abstract

“ On February 11, FireEye identified a zero-day exploit (CVE-2014-0322) being served up from the U.S. Veterans of Foreign Wars’ website (vfw[.]org). We believe the attack is a strategic Web compromise targeting American military personnel amid a paralyzing snowstorm at the U.S. Capitol in the days leading up to the Presidents Day holiday weekend. Based on infrastructure overlaps and tradecraft similarities, we believe the actors behind this campaign are associated with two previously identified campaigns (Operation DeputyDog and Operation Ephemeral Hydra).

This blog post examines the vulnerability and associated attacks, which we have dubbed “Operation SnowMan.”

Bibtex

 @misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permitted2014BFR1376,
   editor = {FireEye},
   author = {Darien Kindlund, Dan Caselden, Xiaobo Chen, Ned Moran, Mike Scott},
   title = {Operation SnowMan: DeputyDog actor compromises US veterans of foreign wars website},
   date = {13},
   month = Feb,
   year = {2014},
   howpublished = {\url{http://www.fireeye.com/blog/uncategorized/2014/02/operation-snowman-deputydog-actor-compromises-us-veterans-of-foreign-wars-website.html www.fireeye.com}},
 }