Hackers are exploiting zero-day flaw in fully patched Adobe Flash
Adobe has released on Tuesday security updates that address multiple vulnerabilities in Reader, Acrobat, and Flash Player. Unfortunately, among the holes plugged in Flash isn’t a zero-day vulnerability that is currently being exploited in the wild by the so-called Pawn Storm attackers.
These hackers are known for their high-profile targets, and in this most recent campaign they are targeting foreign affairs ministries from around the globe.
It is widely believed that the group consists of Russian hackers, but it’s impossible to say whether their work has been sanctioned by the Russian government.
They are known for exploiting zero-day vulnerabilities in popular software, and hitting governmental targets – NATO members, the White House (to name just a few).
These latest attacks take the form of phishing emails that contained links to the Flash exploit.
“The emails and URLs were crafted to appear like they lead to information about current events,” Trend Micro researchers noted. The subject lines included news snippets about happenings in Syria, Gaza, Turkey, and Afghanistan.
“Foreign affairs ministries have become a particular focus of interest for Pawn Storm recently. Aside from malware attacks, fake Outlook Web Access (OWA) servers were also set up for various ministries. These are used for simple, but extremely effective, credential phishing attacks,” the researchers explained. “One Ministry of Foreign Affairs got its DNS settings for incoming mail compromised. This means that Pawn Storm has been intercepting incoming e-mail to this organization for an extended period of time in 2015.”
The exploited vulnerability is present in Flash versions 19.0.0.185 and 19.0.0.207 (the latest), and Adobe is working on patching it as we speak.
While most users are not in danger from this highly targeted campaign, it’s just a matter of time until the exploit begins to be used by other cyber attackers or is incorporated in a popular exploit kit.