New Flash Player Zero-Day Exploit Enables Attackers to Hijack Target Computers
A new zero day exploit has been discovered in the patched versions of Adobe Flash Player. This vulnerability has been reported to be exploited by attackers to secretly install malware on target computers that were sent spear phishing emails.
Critical zero day Flash Player exploit used to attack government agencies:
According to a report by security firm Trend Micro, attackers behind Pawn Storm, a long-running espionage campaign, have exploited a zero day vulnerability in Adobe's Flash Player to carry out attacks against several Ministries of Foreign Affairs. Security researchers have reported that so far only the government agencies have been attacked using this new Flash Player vulnerability. However, there's no confirmation if this exploit's targets were only limited to the government offices.
In this most recent campaign of Pawn Storm, several Ministries of Foreign Affairs received spear phishing e-mails. These contain links to sites that supposedly contain information about current events, but in reality, these URLs hosted the exploit. In this wave of attacks, the emails were about the following topics:
“Suicide car bomb targets NATO troop convoy Kabul”
“Syrian troops make gains as Putin defends air strikes”
“Israel launches airstrikes on targets in Gaza”
“Russia warns of response to reported US nuke buildup in Turkey, Europe”
“US military reports 75 US-trained rebels return Syria”
It’s worth noting that the URLs hosting the new Flash zero-day exploit are similar to the URLs seen in attacks that targeted North Atlantic Treaty Organization (NATO) members and the White House in April this year.
Pawn Storm has attacked several ministries recently and has also previously targeted politicians and journalists. In the past Operation Pawn Storm attacked Microsoft devices, and posing as iOS games also targeted iOS users. In some instances, the operation was tied to the Russian government as it was used to spy on Western military officials and members of the media, according to a previous report of the same cybersecurity firm.
Adobe Flash version 18.104.22.168 and 22.214.171.124 are reported to carry this vulnerability, however, it may also affect earlier versions. There is currently no patch available making Flash users vulnerable to attacks. As researchers have reported the flaw to Adobe, the company is expected to release an emergency patch to the affected versions.
- Thanks for the tip, Jesse.