Use of Java Zero-Day Flaws Tied to Nitro Attack Crew
One of the attack crews using the new Java CVE-2012-4681 vulnerability is the Nitro group that was traced to China and attacked chemical companies and defense contractors.

 

Researchers say that one of the attack groups using the two new Java zero-day vulnerabilities is the same group that was behind an earlier targeted attack campaign from 2011. That group was traced back to China and was essentially running a spear-phishing campaign, but now the crew, known as Nitro, is using the Java vulnerabilities in Web-based attacks that install the Poison Ivy remote-access tool.

 

The attacks have been going on for more than a week, researchers say, and the Nitro group apparently is reusing both its command-and-control servers and some of the file names for the malicious executables. There are two separate domains serving the Java exploit right now, and the two main executable files the attacks are using are named "Flash_update.exe" and "hi.exe".

Read more:

http://threatpost.com/en_us/blogs/use-java-zero-day-flaws-tied-nitro-attack-crew-083012