According to security researcher Eric Romang, the same attack used on the Web site for the Council on Foreign Relations (CFR) was also recently used on the Web site for microturbine manufacturer Capstone Turbine Corporation.
“Capstone figures to be a valuable target, Romang said, given its position in the energy community as a producer of microturbine energy products,” writes Threatpost’s Michael Mimoso. “He found the same malicious html file on the Capstone site as was found residing on the CFR site.”
“One interesting aspect is that capstoneturbine.com was also compromised back in September and was used to serve an exploit for a different IE vulnerability that was unpatched at the time,” writes Computerworld’s Lucian Constantin. “The same attackers might be behind the new IE exploit, Romang said.”
Jindrich Kubec, director of threat intelligence at Avast, later wrote that he’d also noted the compromise at capstoneturbine.com in September of 2012. “I wrote to Capstone Turbine on 19th September about the Flash exploit stuff they were hosting,” Kubec tweeted. “They never replied. And also not fixed.”