U.S. Department of Labor Site Infected with Malware

Dennis Faas's picture

According to reports, hackers recently infected the United States Department of Labor website with malware. Security experts have indicated that the attack may have originated in China, since the strategy employed by hackers is very similar to tactics used by Chinese hackers in the past.

The hackers targeted the Site Exposure Matrices (SEM) page within the U.S. Department of Labor website. According to two security firms (AlienVault and Invincea), that page features data related to the storage of toxic substances at United States Department of Energy sites.

Attack May Have Originated in China

Those participating in the attack reportedly used code frequently employed by a Chinese nation-state cyberespionage group known only as "DeepPanda."

This is why some insiders believe the attack came from China. (Source: darkreading.com)

To compromise the U.S. Department of Labor website's security, the hackers planted code on the main page. This strategy allowed the hackers to redirect website visitors to other pages where their systems could be attacked by malicious software tools.

Attack Exploits Old Internet Explorer Vulnerability

The attack code attempted to detect and exploit Internet Explorer security vulnerability CVE-2012-4792, which has since been patched by Microsoft. (Source: pcworld.com)

Eventually, Department of Labor security researchers identified the problem and took the affected pages offline. Reports from security firm Invincea indicate that the problem has now been fixed.

This kind of attack is known in the security world as a "drive-by download." It's one of the most dangerous types of attacks because all someone needs to do to become infected is visit a specially crafted malicious web page.

Once someone's system is infected, the malicious software attempts to contact a command-and-control server. Making a successful connection would then allow hackers remote access to the infected systems.

This isn't the first time we've seen DeepPanda in action. The group was previously responsible for an attack on a number of prominent firms in December 2011.

The United States Department of Labor has not yet commented on this most recent attack.
