MSIE 0-day exploit CVE-2014-0322 - Possibly targeting French aerospace association

From Botnets.fr

Date: 2014 / 2014-02-13
Editor/Conference: Websense
Link: http://community.websense.com/blogs/securitylabs/archive/2014/02/13/msie-0-day-exploit-cve-2014-0322-possibly-targeting-french-aerospace-organization.aspx (community.websense.com, archive copy)
Author: Alex Watson, Victor Chin
Type: Blogpost

Abstract

  • Websense researchers have discovered the use of CVE-2014-0322 as early as January 20, 2014 - nearly 3 weeks before the previously known first date of the attacks
  • The attack may be targeting organizations associated with the French aerospace association, GIFAS
  • The CVE-2014-0322 exploit in this attack is hosted on a US server
  • We observed the malicious Shockwave Flash (Tope.swf SHA:910de05e0113c167ba3878f73c64d55e5a2aff9a) being uploaded to VirusTotal on January 20. This was presumably done by the attackers to confirm if antivirus had protection for the exploit. At the time there was zero detection
  • The exploit may use an in-memory attack with no file writes to avoid detection from antivirus products
  • Early analysis indicates correlations between this attack and the DeputyDog and EphemeralHydra groups

Bibtex

 @misc{2014BFR1375,
   editor = {Websense},
   author = {Alex Watson, Victor Chin},
   title = {MSIE 0-day exploit CVE-2014-0322 - Possibly targeting French aerospace association},
   date = {13},
   month = Feb,
   year = {2014},
   howpublished = {\url{http://community.websense.com/blogs/securitylabs/archive/2014/02/13/msie-0-day-exploit-cve-2014-0322-possibly-targeting-french-aerospace-organization.aspx}},
 }