Russian Hackers Use Flash Zero-Day Flaws

Chinese hacker groups were among the first to target so-called air-gapped networks, which are not directly connected to the Internet, according to FireEye. Now there has been a fresh attack by a long-known hacking group suspected of being linked with Russia.

The computer security firm FireEye wrote that the group, called APT 28, attacked an "international government entity", using two recently disclosed software flaws, one of which has not been patched.

The attack sought to trick victims into clicking on a link that led to a website which attacked their computer. It first used a vulnerability in Adobe Systems' Flash player, CVE-2015-3043, then used a still unpatched Microsoft vulnerability, CVE-2015-1701, to gain higher privileges on a computer.

In a white paper released last year, FireEye said APT 28 had conducted attacks against political and military-related organizations since at least 2007. The group compiles "malware samples with Russian language settings during working hours consistent with the time zone of Russia's major cities, including Moscow and St. Petersburg."

The malware delivered in the latest attack is very similar to CHOPSTICK, a backdoor known to be used by APT 28. In fact, the malware delivered in the latest attack used the same RC4 encryption key that was used by CHOPSTICK, FireEye said.

Computerworld

 
