APT3 Group Used Two Serious Zero-Day Bugs in Its Attacks

Researchers at FireEye have discovered that APT3, the group linked to the “Clandestine Fox” operation, has been using two newly reported zero-day exploits in its recent attacks, dubbed Operation DoubleTap. One of the two bugs had been exploitable for 18 years.

The vulnerability in question carries the name CVE-2014-6332. It is a Windows OLE Automation Array Remote Code Execution vulnerability and poses a very serious security threat to affected systems. The issue dates back to the release of Internet Explorer 3 in 1996, says Robert Freeman, who was a manager at IBM X-Force Research at the time.

In addition, the APT3 actors used a Windows privilege escalation bug, CVE-2014-4113. According to Trend Micro, “the vulnerability affects both desktop and server versions from Windows XP and Server 2003 up to Windows 8.1 and Server 2012 R2. However, the currently available exploit code does not affect Windows 8 and later versions.”

For more information, see FireEye’s blog post on the “DoubleTap” exploits, which also lists the associated indicators of compromise.