clock menu more-arrow no yes

Filed under:

Department of Labor website reportedly compromised to target nuclear weapons workers

New, 14 comments
Hacker (STOCK)
Hacker (STOCK)

Two computer security software firms are reporting that a US Department of Labor website was compromised with malware designed to target employees in the Department of Energy — likely nuclear researchers. According to Invincea, a zero-day exploit targeting Internet Explorer 8 was discovered on the DoL's "Site Exposure Matrix Database," a site meant to provide information on the heath risks associated with exposure to radioactive materials. That site contained a redirect which secretly installed malware that could communicate witha remote server, according to Alien Vault.

The strategy of using a website your intended targets are likely to visit is known as a "watering hole," and you may recall that a similar tactic was used to target Apple, Facebook, and Twitter developers. With this current hack, the method used to communicate with the command-and-control server "matches with a backdoor used by a known chinese [sic] actor called DeepPanda," Alien Vault's Jaime Blasco writes, but just because the technique matches up doesn't necessarily mean that the hackers in this case are the same group.

The DoL acknowledged that "a website related to a DoL program appeared to be compromised" in an email to Nextgov, adding that the site had been taken down and that it "will ensure that appropriate precautions and safeguards remain in place to protect our information and information systems." Microsoft, in a statement to Ars Technica, said that it was investigating. In the meantime, using a more up-to-date browser is obviously a good idea.

Update: Microsoft has issued a security advisory related to this issue. Thought it hasn't yet developed a patch, it does have recommendations for IE8 users — including upgrading to a newer version if possible.