Greg and I have put up a new post on the IWM and Malware Lab about 0day exploits and Civil Society organizations. It’s not about coordinated 0day attacks but rather some general trends and patterns that we’re seeing. We’re finding that the websites of civil society organizations are being used to push malware — usually through iframe injection — and that malware campaigns often leverage human rights related themes. Also, despite the fact that some attacks may be unintentional (e.g. mass iframe injection), the result is a situation in which civil society organizations are intimidated and their operations are disrupted.

The key issues we identified are:
- Civil society organizations are compromised and used as vehicles to deliver 0day exploits
- Attackers have access to multiple 0day exploits and switch their attacks to leverage newer exploits as they become available
- Attackers leverage human rights issues as the context for malware distribution
- The attacks are effective; civil society organizations continue to propagate malicious links within their communities without realizing it.