CFR watering hole attack also target Capstone Turbine Corporation

ID THN:5ACF233F4E37E6A4975B246F2082107C
Type thn
Reporter Mohit Kumar
Modified 2013-01-11T18:02:27


Last week Council on Foreign Relations website was compromised and recently hit by a drive-by attack using a zero day Internet Explorer 6 vulnerability for Cyber Espionage attack, suspected by Chinese Hackers. Later Microsoft confirmed that Internet Explorer 6, 7, and 8 are vulnerable to remote code execution hacks.

According to researcher Eric Romang, CFR watering hole attack (CVE-2012-4969 and CVE-2012-4792) has also target Capstone Turbine Corporation website since mid-September. He was able to find a cached version of the first JavaScript that starts the drive-by attack. Then on further search finds that by doing a Google dork search “_include” we can see something strangely like “news_14242aa.html“ file.

Capstone Turbine Corporation is the world’s leading producer of low-emission microturbine systems, and was first to market with commercially viable microturbine energy products. Capstone Turbine has shipped thousands of Capstone MicroTurbine systems to customers worldwide.

Jindrich Kubec director of Threat Intelligence at avast confirm the presence of exploit in September on Capstone Turbine Corporation, "I wrote to Capstone Turbine on 19th Sep about the Flash exploit stuff they were hosting. They never replied. And also not fixed"

Eric shows many valid proofs from urlQuery and VirusTotal results that can confirm the presence of hacks on this new target and he suggest, "Potentially the guys behind CVE-2012-4969 and CVE-2012-4792 are the same."

Fortunately, Microsoft have come up a patch and therefore the new year will be having a safe start after all.