clock menu more-arrow no yes mobile

Filed under:

Attack on Veterans Website Aims to Steal Military Intelligence

The breach involves a site frequented by veterans and active duty military personnel, and was carefully timed.

Computer criminals using a newly discovered vulnerability in Microsoft’s Internet Explorer 10 browser have breached a website belonging to an organization frequented by veterans and current military personnel in a possible attempt to hijack their computers and steal military intelligence.

The disclosure came from FireEye, the computer security company that last month acquired Mandiant to create a new computer security powerhouse. (The firm’s two senior executives, Dave DeWalt and Kevin Mandia, are in the photo above.)

The site in question is, the Web home of the Veterans of Foreign Wars, a non-profit organization for U.S. military veterans who have served in combat overseas, but is also open to currently serving military personnel. It boasts 1.5 million members.

FireEye described the breach as a “strategic Web compromise,” aimed specifically at military personnel and timed to coincide with the winter storm that hit the Washington, D.C., area today and the run-up to the Presidents’ Day federal holiday on Monday.

Since this doesn’t fully connect the dots on the significance of the attack, I’ll do it: The target of the attack is likely active duty personnel working in Washington, D.C., say at the Pentagon, who might sign into the VFW site from home over the long weekend, and then later try to sign into work or personal email accounts or VPNs from the same machine.

In a lengthy blog post describing the attack, which it has named “Operation SnowMan,” the firm said visitors to the VFW site using the IE 10 browser may be hit with a drive-by download that installs a remote access tool on their machines that can then be used to steal information or install further malware. “A possible objective in the SnowMan attack is targeting military service members to steal military intelligence,” the post said.

FireEye said the attack resembles two others seen last year, and may have been launched by the same organization. Operation DeputyDog targeted organizations in Japan, FireEye said, and there are also connections to a group that attacked and breached the security firm Bit9 a year ago.

FireEye shares rose by more than four percent today and closed at $72.01. The shares have risen by more than 260 percent since FireEye’s IPO on Sept. 20.

Update: I just received a statement from Microsoft on this. Here it is:

“Microsoft is aware of targeted attacks against Internet Explorer, currently targeting customers using Internet Explorer 10. We are investigating and we will take action to help protect customers.”

This article originally appeared on

Sign up for the newsletter Today, Explained

Understand the world with a daily explainer plus the most compelling stories of the day.