THE UNITED STATES DEPARTMENT OF LABOR (DoL) website has been attacked by a Chinese hacker group that could have installed malware to extract information, security firm Alienvault has warned.
Alienvault's labs director Jaime Blasco discovered the threat and wrote about it in a blog post today.
Blasco is unsure how the hackers gained access to the government website and what information they have stolen, if any, but provided some clarity about the hack in an interview with The INQUIRER today.
"We have found that in US Department of Labor web site, some attackers have installed malicious code that is trying to do a couple of things," Blasco explained.
"The first thing is collecting information about which anti-virus is running on the systems of victums visiting the site and then also all the software that is running on those systems, such as PDF files, Microsoft office files, so all the information that they can gain from those systems."
Blasco said that the hackers also seemed to be taking advantage of a vulnerability in Internet Explorer 10 that was patched a couple of months ago.
"This was patched by Microsoft at the beginning of this year and if you don't have your system patched the attackers will be able to exploit that vulnerability then will install a malicious payload or malware in that system," he added.
"They can then use that malware to access that system and they can actually install the malware, extract files from your system and upload information so they can do whatever they want."
Alienvault found that what the attackers are looking to do with this hack is to compromise the systems of US government employees that visit it.
"This technique is known as a Waterholing attack [and is] basically compromising a website you know your victims are visiting so you don't need to target the victims, you just wait till the victims visit it and they will be compromised," Blasco explained.
How the hackers gained access to the US DoL website is unknown, but Blasco said that the command and control (C&C) protocol matches a backdoor used by a well known Chinese group.
"Based on the information that we analysed, the exploit has been used by a lot of Chinese groups in the last few months and the malicious payload has been hidden inside and is being used by a Chinese group," he said. µ
Sign up for INQbot – a weekly roundup of the best from the INQ