FireEye notes that the group initiated attacks on 19th November 2014, targeting multiple high-profile organizations.

APT3, also known as UPS, has successfully used multiple Windows exploits, targeting both CVE-2014-6332 and CVE-2014-4113.

The same VBScript code will cause the same outcome all of the time, Freeman said in the interview.

It now seems that APT3 is successfully leveraging both vulnerabilities to target vulnerable systems in corporate networks.

After a period of time, they got brazen enough to use social engineering to target victims.

In one such brazen attack, they targeted an energy company.

They contacted an employee of the company and sent him an e-mail that contained malicious files.

FireEye published indicators of compromise (IOCs) in its post.

Someone released a proof-of-concept code from a Twitter feed I've been tracking for a while, he said.

Trey Ford, global security strategist at Rapid7, spoke more on the same issue in another interview.

The false economy of secret information protects the attackers, not the defenders.

source: www.techworm.net