Russian Hackers Use Flash Zero-Day Flaws

Uploaded on 2015-04-25 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW

Chinese hacker groups were among first to target networks isolated from Internet, so-called air-gapped networks that are not directly connected to the Internet, according to FireEye. And now there has been a fresh attack by a long-known hacking group suspected to be linked with Russia. 

The computer security firm FireEye wrote that the group, called APT 28, attacked an "international government entity", using two recently disclosed software flaws, one of which has not been patched.

The attack sought to trick victims into clicking on a link that led to a website which attacked their computer. It first used a vulnerability in Adobe Systems' Flash player, CVE-2015-3043, then used a still unpatched Microsoft vulnerability, CVE-2015-1701, to gain higher privileges on a computer.

In a white paper released last year, FireEye said APT 28 had conducted attacks against political and military-related organizations since at least 2007. The group compiles "malware samples with Russian language settings during working hours consistent with the time zone of Russia's major cities, including Moscow and St. Petersburg."

The malware delivered in the latest attack is very similar to CHOPSTICK, a backdoor known to be used by APT 28. In fact, the malware delivered in the latest attack used the same RC4 encryption key that was used by CHOPSTICK, FireEye said.

Computerworld

 

« Gang Warfare: Hacking Groups Clash In Cyberspace
US Army Shares Cyber Warriors with Hollywood & Wall Street »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Privacy Professor

Privacy Professor

Privacy Professor provides information privacy, security and compliance services, tools and products to organizations in a wide range of industries.

Snort

Snort

Snort is an open source intrusion prevention system capable of real-time traffic analysis and packet logging.

CERT.at

CERT.at

CERT.at is the Austrian national Computer Emergency Response Team.

ID-SIRTII/CC

ID-SIRTII/CC

Security Incident Response Team for Internet Infrastructure in Indonesia.

MSG Systems

MSG Systems

MSG are committed to intelligent IT and industry solutions and offer independent consulting on all aspects of information security.

NEC

NEC

NEC offers a complete array of solutions to governments and enterprises to protect themselves from the threats of digital disruption.

Portuguese Institute for Accreditation (IPAC)

Portuguese Institute for Accreditation (IPAC)

IPAC is the national accreditation body for Portugal. The directory of members provides details of organisations offering certification services for ISO 27001.

Recovery Point Systems

Recovery Point Systems

Recovery Point is a leading national provider of IT secure and compliant infrastructure and business resilience services.

Ampliphae

Ampliphae

Ampliphae gives you an easy-to-deploy, sophisticated and affordable cloud-discovery, security and compliance platform.

Hold Security

Hold Security

Hold Security works with companies of all sizes to provide unparalleled Threat Intelligence services that actually make a difference.

LTIMindtree

LTIMindtree

LTIMindtree is a new kind of technology consulting firm. We help businesses transform – from core to experience – to thrive in the marketplace of the future.

ENSCO

ENSCO

The ENSCO group of companies provides engineering, science and advanced technology solutions that guarantee mission success, safety and security to governments and private industries worldwide.

Verica

Verica

Verica uses chaos engineering to make systems more secure and less vulnerable to costly incidents.

Park Place Technologies

Park Place Technologies

Park Place Technologies' mission is to drive uptime, performance and value for critical IT infrastructure.

FoxPointe Solutions

FoxPointe Solutions

FoxPointe Solutions is a full-service cyber risk management and compliance firm.

Trustack

Trustack

Trustack services cover connectivity, infrastructure services, security, unified comms, agile working and more. Our team of consultants deliver customised solutions tailored to your needs.