Russian Hackers Use Flash Zero-Day Flaws

Chinese hacker groups were among first to target networks isolated from Internet, so-called air-gapped networks that are not directly connected to the Internet, according to FireEye. And now there has been a fresh attack by a long-known hacking group suspected to be linked with Russia. 

The computer security firm FireEye wrote that the group, called APT 28, attacked an "international government entity", using two recently disclosed software flaws, one of which has not been patched.

The attack sought to trick victims into clicking on a link that led to a website which attacked their computer. It first used a vulnerability in Adobe Systems' Flash player, CVE-2015-3043, then used a still unpatched Microsoft vulnerability, CVE-2015-1701, to gain higher privileges on a computer.

In a white paper released last year, FireEye said APT 28 had conducted attacks against political and military-related organizations since at least 2007. The group compiles "malware samples with Russian language settings during working hours consistent with the time zone of Russia's major cities, including Moscow and St. Petersburg."

The malware delivered in the latest attack is very similar to CHOPSTICK, a backdoor known to be used by APT 28. In fact, the malware delivered in the latest attack used the same RC4 encryption key that was used by CHOPSTICK, FireEye said.

Computerworld

 

« Gang Warfare: Hacking Groups Clash In Cyberspace
US Army Shares Cyber Warriors with Hollywood & Wall Street »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Link11 GmbH

Link11 GmbH

Link11 provides DDoS protection solutions to protect websites and complete server infrastructures from DDoS attacks.

CSIRT.CZ

CSIRT.CZ

CSIRT.CZ is the National Computer Security Incident Response Team of the Czech Republic.

Deep Identity

Deep Identity

Deep Identity is a boutique system integrator, with expertise in tailored identity governance & administration (IGA) and identity access management (IAM) solutions.

Protiviti

Protiviti

Protiviti consulting solutions span critical business problems in technology, business process, analytics, risk, compliance, transactions and internal audit.

AVeS Cyber Security

AVeS Cyber Security

AVeS combines expert knowledge and services with leading technology products to provide comprehensive Information Security and Advanced IT Infrastructure solutions.

Synectics Solutions

Synectics Solutions

Synectics deliver solutions for reducing risk, combating financial crime, and enabling organisations to meet their compliance and regulatory commitments.

CMMI Institute

CMMI Institute

CMMI Institute enables organizations to elevate and benchmark performance across a range of critical business capabilities, including product development, data management and cybersecurity.

Deep Mirror Automotive Cybersecurity

Deep Mirror Automotive Cybersecurity

Deep Mirror Automotive Cybersecurity make Cars & Infrastructures Cybersecure.

Intraprise Health

Intraprise Health

Intraprise Health is a Certified HITRUST Assessor and award-winning provider of health information security products and services.

DataPassports

DataPassports

DataPassports is a data-centric security and privacy solution that enforces privacy and security from end-to-end with transparent protection of data at the source.

Navixia

Navixia

As a leading Swiss IT security specialist, Navixia offers a global and pragmatic approach to information security.

Neosec

Neosec

We’re reinventing API security. Understanding behavior requires data, analytics, and intelligence. Neosec brings XDR techniques to application security.

Oregon Systems

Oregon Systems

Oregon Systems is a Regional Leader & Distributor with value added services for OT, IoT, IIoT & IT Cybersecurity products, Solutions & professional services throughout the middle-east region.

Siren

Siren

Siren provides the leading Investigative Intelligence Platform to some of the world’s leading Law Enforcement, National Security and Cyber threat investigators.

Beacon Technology

Beacon Technology

Beacon Technology offers a comprehensive platform consisting of XDR, VMDR, and Breach and Attack simulation tools.

Pvotal Technologies

Pvotal Technologies

Pvotal Technologies engineer complex, automated processes aligned with best AIOps, BizDevOps, DevSecOps, CloudOps, and ITOps practices.