Executive Overview:
Websense researchers have discovered the use of CVE-2014-0322 as early as January 20, 2014 - nearly 3 weeks before the previously known first date of the attacks
The attack may be targeting organizations associated with the French aerospace association, GIFAS
The CVE-2014-0322 exploit in this attack is hosted on a US server

We observed the malicious Shockwave Flash (Tope.swf SHA:910de05e0113c167ba3878f73c64d55e5a2aff9a) being uploaded to VirusTotal on January 20. This was presumably done by the attackers to confirm if antivirus had protection for the exploit. At the time there was zero detection. The exploit may use an in-memory attack with no file writes to avoid detection from antivirus products Early analysis indicates correlations between this attack and the DeputyDog and EphemeralHydra groups

For more information : http://community.websense.com/blogs/...anization.aspx