"These C&C communications predate the widely reported first use of this attack infrastructure by more than six weeks, and indicates that the attacks from this threat actor are not just limited to Japan," the Websense researchers said Thursday in a blog post. These older attacks are most likely linked to Operation DeputyDog, but they have enough variations to indicate that different high-profile attack teams may be using the same tool sets, they said.
Security researchers from AlienVault also believe that the new IE vulnerability was used to attack organizations in Taiwan, because they found a variant of the exploit hosted on a subdomain of the Taiwan government's online e-procurement system.
Users who visit the main website for the first time will get redirected to the exploit page, AlienVault researcher Jaime Blasco said in a blog post.
The vulnerability affects all versions of Internet Explorer, but the exploits seen so far target only Internet Explorer 8 and 9 running on Windows XP and Windows 7 systems. Websense estimates that nearly 70 percent of Windows-based PCs are vulnerable.