Hackers target Windows XP users with Internet Explorer attacks
Hackers are leveraging a zero-day vulnerability in Microsoft's Internet Explorer (IE) web browser to target Windows XP users with an advanced cyber attack.
Researchers from FireEye uncovered the attack and listed it as being a part of a wider campaign, codenamed "Operation Clandestine Fox". FireEye reported uncovering the IE vulnerability earlier this week.
The vulnerability affects IE6 through IE11 and can theoretically be used to exploit machines running Windows XP, 7 and 8.1. The original Operation Clandestine Fox attacks focused on targeting Windows 7 and 8.1 machines running IE9 through IE11. The new attacks target Windows XP machines running IE8.
Threat intelligence manager at FireEye Darien Kindlund told V3 the attacks have the same end goal as the earlier Windows 7 and 8 raids and are designed to infiltrate businesses involved in critical infrastructure areas.
"The XP attack is identical to the previously discovered vulnerability," said Kindlund. "It lets attackers gain remote access to compromised systems, and it appears to be used in targeted attacks against [the] defence, finance, and energy sectors."
The attacks' discovery comes just after Microsoft released a patch plugging the IE vulnerability which included a fix for Windows XP users. The fix comes less than a month after Microsoft officially ceased support for its decade-old Windows XP operating system (OS). Microsoft said the XP fix is a one-off, promising it will not release any further patches for the OS.