Datamation Logo

Hackers Exploit IE 8 Vulnerability to Attack Nuclear Researchers

May 6, 2013
Datamation content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

Recently several security experts have sounded the alarm about a new zero-day vulnerability in Microsoft’s Internet Explorer 8 (IE 8) browser. Some believe the Chinese government may be behind “watering hole” attacks that compromised a Department of Labor website and other online locations that nuclear scientists are likely to visit.

SecurityWatch’s Max Eddy reported, “Late in April, security researchers discovered an exploit in Internet Explorer 8 that allowed attackers to execute malicious code on a victim’s computer. Most troublingly, the exploit has been found in the wild on a U.S. Department of Labor (DoL) Website, possibly targeting workers with access to nuclear or other toxic materials. This weekend, Microsoft confirmed that the exploit was a new zero-day in IE 8.”

Robert Lemos with eWeek noted, “Hackers compromised the U.S. Department of Labor’s Website this week, modifying pages about nuclear-related illnesses with malware that could compromise visitors’ computers through a zero-day vulnerability in Internet Explorer 8, according to security experts. While security firms first released details of the attack on May 1, endpoint protection firm Invincea reported on May 3 that the malware served up by the Department of Labor’s pages used an exploit for a previously unknown flaw in Internet Explorer 8. Victims’ systems which fell prey to the attack would be compromised with a variant of Poison Ivy, which is a malware type popular with Chinese hackers. In addition, the command-and-control traffic matches that seen in cases of espionage attributed to a Chinese attacker known as DeepPanda, according to security-management firm AlienVault.”

Ars Technica’s Dan Goodin added, “Attacks exploiting a previously unknown and currently unpatched vulnerability in Microsoft’s Internet Explorer browser have spread to at least nine other websites, including those run by a big European company operating in the aerospace, defense, and security industries as well as non-profit groups and institutes, security researchers said. The revelation, from a blog post published Sunday by security firm AlienVault, means an attack campaign that surreptitiously installed malware on the computers of federal government workers involved in nuclear weapons research was broader and more ambitious than previously thought.”

eSecurity Planet quoted Tim Erlin of security vendor Tripwire, who mused, “The attackers clearly knew that this vulnerability existed in IE8, and that IE8 is the most widely used browser in general. Did they also know that it’s the most widely used at the Department of Labor or was that just a ‘lucky’ accident?”

  SEE ALL
ARTICLES
 

Subscribe to Data Insider

Learn the latest news and best practices about data science, big data analytics, artificial intelligence, data security, and more.

Datamation Logo

Datamation is the leading industry resource for B2B data professionals and technology buyers. Datamation's focus is on providing insight into the latest trends and innovation in AI, data security, big data, and more, along with in-depth product recommendations and comparisons. More than 1.7M users gain insight and guidance from Datamation every year.

Advertisers

Advertise with TechnologyAdvice on Datamation and our other data and technology-focused platforms.

Advertise with Us

Our Brands


Privacy Policy Terms & Conditions About Contact Advertise California - Do Not Sell My Information

Property of TechnologyAdvice.
© 2025 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.