A previously unknown flaw in a recent version of Microsoft Internet Exploder is being used to attack Internet users, including some visitors to a major site for US military veterans.

Security outfit FireEye discovered the attacks against IE 10 this week, saying that hundreds or thousands of machines have been infected. It said the culprits broke into the website of U.S. Veterans of Foreign Wars and inserted a link that redirected visitors to a malicious web page that contained the infectious code in Adobe Flash.

The attackers were probably seeking information from the machines of soldiers and that the campaign shared some infrastructure and techniques previously attributed to groups in mainland China. Planting backdoors on the machines of VFW members and site visitors to collect military intelligence was a possible goal.

The latest version of the browser is IE 11, which is unaffected, and a Microsoft security tool called the Enhanced Mitigation Experience Toolkit also protects users who have installed that.