Slashdot is powered by your submissions, so send in your scoop


Forgot your password?
Back for a limited time - Get 15% off sitewide on Slashdot Deals with coupon code "BLACKFRIDAY" (some exclusions apply)". ×

Submission + - "State-sponsored" zero-day exploit hits aerospace firm (

An anonymous reader writes: A European aeronautical supplier's website has been hacked, and infected with an as-yet unpatched Microsoft vulnerability that has been linked to state-sponsored cyberwarfare attacks.

The infection was discovered when a computer user attempted to visit the affected website, and received a warning message that a file on the site was infected by code which attempts to exploit the vulnerability in Microsoft XML Core Services which could allow Remote Code Execution (CVE-2012-1889).

According to security researcher Graham Cluley, "We know that a tried-and-trusted method of hacking into large companies and organisations is to target the supply chain. The theory goes that rather than try to hack a company which may have robust security practices and security teams, the bad actor can instead attack a smaller supplier who are less well placed to notice the security breach."

Sophos which identified the security breach, has declined to name the company involved — but has raised its threat level to "Critical".

This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

"State-sponsored" zero-day exploit hits aerospace firm

Comments Filter:

Space is to place as eternity is to time. -- Joseph Joubert