Operation SnowMan: DeputyDog actor compromises US veterans of foreign wars website

From Botnets.fr

Campaign: SnowMan
Date: 2014 / 2014-02-13
Editor/Conference: FireEye
Link: http://www.fireeye.com/blog/uncategorized/2014/02/operation-snowman-deputydog-actor-compromises-us-veterans-of-foreign-wars-website.html
Author: Darien Kindlund, Dan Caselden, Xiaobo Chen, Ned Moran, Mike Scott

Abstract

On February 11, FireEye identified a zero-day exploit (CVE-2014-0322) being served up from the U.S. Veterans of Foreign Wars’ website (vfw[.]org). We believe the attack is a strategic Web compromise targeting American military personnel amid a paralyzing snowstorm at the U.S. Capitol in the days leading up to the Presidents Day holiday weekend. Based on infrastructure overlaps and tradecraft similarities, we believe the actors behind this campaign are associated with two previously identified campaigns (Operation DeputyDog and Operation Ephemeral Hydra).

This blog post examines the vulnerability and associated attacks, which we have dubbed “Operation SnowMan.”

Bibtex

 @misc{Kindlund2014BFR1376,
   editor = {FireEye},
   author = {Darien Kindlund and Dan Caselden and Xiaobo Chen and Ned Moran and Mike Scott},
   title = {Operation SnowMan: DeputyDog actor compromises US veterans of foreign wars website},
   date = {13},
   month = Feb,
   year = {2014},
   howpublished = {\url{http://www.fireeye.com/blog/uncategorized/2014/02/operation-snowman-deputydog-actor-compromises-us-veterans-of-foreign-wars-website.html}},
 }