Amnesty International’s United Kingdom website was compromised late last week and was being used to exploit a known vulnerability in the Java Runtime Environment on machines belonging to unwitting visitors to the site, according to Barracuda Labs researcher Paul Royal.
Citing historical data, Royal claims that Amnesty’s website was compromised on Friday, December 16, and remained compromised through December 22. Those who visited Amnesty’s UK page were redirected via an iframe to a legitimate but compromised Brazilian automotive site, which then installed malicious Java content, Barracuda said. The exploit targeted a known vulnerability tracked as CVE-2011-3544.
While the parties behind the attack are unknown, the decision to target a prominent human rights group like Amnesty may suggest that the attackers’ motivations are other than financial.
According to Royal, the payload used in the attack is sophisticated enough to suggest that the hack was a targeted malware attack – though one being served through the exploitation of a popular public website.
Amnesty said they were aware of the problem and were working to address it.
“We have been working with our hosting service to resolve the problem,” Emerson Povey of Amnesty International told ZDNet’s Dancho Danchev. “[We] have cleaned both servers, rebooted, and removed the script. At 2pm today [we] confirmed that the issue is now resolved.”