Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Malware & Threats

APT Group Uses Flash Zero-Day to Attack High-Profile Targets

The Flash Player zero-day vulnerability whose existence was brought to light on Tuesday by Adobe has been exploited by a relatively new advanced persistent threat (APT) group named by Kaspersky Lab “ScarCruft.”

The Flash Player zero-day vulnerability whose existence was brought to light on Tuesday by Adobe has been exploited by a relatively new advanced persistent threat (APT) group named by Kaspersky Lab “ScarCruft.”

According to the security firm, ScarCruft has been observed targeting Russia, Nepal, South Korea, China, Kuwait, India and Romania. Researchers said the group used two Flash Player and one Microsoft Windows vulnerabilities in its attacks.

The latest Flash zero-day (CVE-2016-4171), which Adobe plans on patching later this week, has been used by the threat actor in a campaign dubbed “Operation Daybreak.” The campaign, launched in March 2016, has focused on high-profile targets.

In a separate campaign conducted by ScarCruft, dubbed Operation Erebus, the attackers leveraged watering holes and an exploit for CVE-2016-4117, a Flash Player flaw reported to Adobe last month by researchers from FireEye. The vulnerability had been exploited by malicious actors before a patch was made available.

Kaspersky said it’s possible that ScarCruft also leveraged CVE-2016-0147, a Microsoft XML Core Services (MSXML) vulnerability that can be exploited through Internet Explorer. The flaw was patched by Microsoft in April, but it appears to have been exploited before a fix was released.

Kaspersky will publish more details on the Flash Player zero-day and ScarCruft’s attacks after Adobe releases a patch – most likely on Thursday, June 16. In the meantime, the company has confirmed that Microsoft EMET is effective at mitigating attacks.

This is not the first time Kaspersky has found a Flash Player zero-day vulnerability. In March, the security firm informed Adobe of CVE-2016-1010, which had also been exploited in targeted attacks.

Adobe informed customers on Tuesday that CVE-2016-4171 affects Flash Player 21.0.0.242 and earlier versions for Windows, Mac, Linux and Chrome OS. According to the company, successful exploitation of the flaw could lead to a crash and it could allow an attacker to take control of the vulnerable system.

Advertisement. Scroll to continue reading.

Related Reading: Hacking Team Leak Leads to Discovery of Silverlight Zero-Day

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Malware & Threats

The NSA and FBI warn that a Chinese state-sponsored APT called BlackTech is hacking into network edge devices and using firmware implants to silently...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Cyberwarfare

An engineer recruited by intelligence services reportedly used a water pump to deliver Stuxnet, which reportedly cost $1-2 billion to develop.

Malware & Threats

Unpatched and unprotected VMware ESXi servers worldwide have been targeted in a ransomware attack exploiting a vulnerability patched in 2021.

Malware & Threats

Apple’s cat-and-mouse struggles with zero-day exploits on its flagship iOS platform is showing no signs of slowing down.

Cybercrime

No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.