State-sponsored groups based in China utilised the recent Internet Explorer vulnerability to launch attacks on US and European companies in the defence, energy and financial services industries. Reuters

The recent high-profile vulnerability affecting Microsoft's Internet Explorer browser was exploited by two separate state-sponsored groups in China, according to a senior security expert.

The browser's vulnerability was first discovered by security firm FireEye, which alerted Microsoft to the flaw. Last Thursday, almost a week after first warning users of the threat, Microsoft issued an emergency security patch.

In that time, two different groups of sophisticated attackers were able to exploit the vulnerability, which affected all versions of Internet Explorer.

While there is not yet any conclusive proof as to the groups' identity, a director at FireEye believes that, based on previous campaigns, the two attack groups were state-sponsored and operating in China.

"Whoever carried out the attacks obviously had enough resources to either develop or purchase the exploits so I would not be surprised if they were state-sponsored," Darien Kindlund, director of threat research at FireEye, told IBTimes UK. "Based on previous research, China would be the obvious source of attacks."

According to Kindlund and FireEye, the first wave of attacks targeted US and Europe-based companies in the defence and financial services industries, most likely for the purpose of obtaining corporate secrets and stealing intellectual property.

The second wave of attacks went after hi-tech and energy firms, also based in Europe and the US.

The target companies have not been identified.

State-sponsored attacks on NGOs

In a blogpost issued just before the Internet Explorer vulnerability was discovered, FireEye noted that China, along with Russia and Iran, was known to have existing and growing cyber operations to support their governments' political agendas.

"Over the last few years, we have observed China-based advanced persistent threat (APT) groups frequently target US-based non-governmental organisations (NGOs)," said Jen Weedon, a research analyst at FireEye.

NGOs are targeted in this instance because such organisations are perceived as instruments of US government policy.

"Unsurprisingly, they were organisations with programmes that touched on Chinese human rights, democratic reforms and social issues," Weedon added.

Two-way street

The Chinese government has consistently denied charges laid against it in relation to carrying out such attacks, instead accusing the US government of carrying out cyber espionage.

Last year, security company Mandiant published a report detailing the activities of a group of hackers within China's People's Liberation Army who had allegedly stolen sensitive data from hundreds of US companies and government agencies.

Following the report, a US government spokesperson said: "This is something we are going to have to come back at time and again with the Chinese leadership."

The latest Internet Explorer-focussed attacks are now "comprehensively" covered by Microsoft's security patch; however, Kindlund warned that many systems may still be vulnerable.

"A non-trivial problem is whether people actually get the patch," Kindlund said. "Those without automatic updates need to ensure they have it, while unlicensed Windows XP users will be permanently vulnerable."