Russian Hackers Use Flash Zero-Day Flaws

Chinese hacker groups were among first to target networks isolated from Internet, so-called air-gapped networks that are not directly connected to the Internet, according to FireEye. And now there has been a fresh attack by a long-known hacking group suspected to be linked with Russia. 

The computer security firm FireEye wrote that the group, called APT 28, attacked an "international government entity", using two recently disclosed software flaws, one of which has not been patched.

The attack sought to trick victims into clicking on a link that led to a website which attacked their computer. It first used a vulnerability in Adobe Systems' Flash player, CVE-2015-3043, then used a still unpatched Microsoft vulnerability, CVE-2015-1701, to gain higher privileges on a computer.

In a white paper released last year, FireEye said APT 28 had conducted attacks against political and military-related organizations since at least 2007. The group compiles "malware samples with Russian language settings during working hours consistent with the time zone of Russia's major cities, including Moscow and St. Petersburg."

The malware delivered in the latest attack is very similar to CHOPSTICK, a backdoor known to be used by APT 28. In fact, the malware delivered in the latest attack used the same RC4 encryption key that was used by CHOPSTICK, FireEye said.

Computerworld

 

« Gang Warfare: Hacking Groups Clash In Cyberspace
US Army Shares Cyber Warriors with Hollywood & Wall Street »

Perimeter 81

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Cylance Smart Antivirus

Cylance Smart Antivirus

An antivirus that works smarter, not harder, from BlackBerry. Lightweight, non-intrusive protection powered by artificial intelligence. BUY NOW - LIMITED DISCOUNT OFFER.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

DigitalStakeout

DigitalStakeout

A simple and cost-effective solution to monitor, investigate and analyze data from the web, social media and cyber sources to identify threats and make better security decisions.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Free Access: Cyber Security Supplier Directory listing 5,000+ specialist service providers.

Perimeter 81

Perimeter 81

Perimeter 81 is a Zero Trust Network as a Service designed to simplify secure network, cloud and application access for the modern and distributed workforce.

HackerStorm

HackerStorm

HackerStorm provides vulnerability research, advisories and tools to help improve the success of your penetration testing.

Organization for Security and Co-operation in Europe (OSCE)

Organization for Security and Co-operation in Europe (OSCE)

OSCE is the world's largest security-oriented intergovernmental organization. Areas of activity include Cyber/ICT security.

CloudLayar

CloudLayar

CloudLayar is a cloud-based website firewall for protecting your website against online threats.

Northwave

Northwave

Northwave is 100% focused on providing integrated high quality information security services.

Pöyry

Pöyry

Pöyry is an international consulting and engineering company. We provide services across the full project lifecycle, solving complex challenges faced by the world’s toughest industries.

Hardenite

Hardenite

Hardenite solution helps R&D, DevOps and IT teams to continuously manage security risks and hardening efforts of any Linux OS – based product, throughout the product life cycle.

VS Security Products

VS Security Products

VS Security Products design, manufacture and sell the most extensive range of degaussers and data destroyers on the market, suitable for all types of magnetic media.

Automox

Automox

Remediate vulnerabilities 30X faster than the industry norm – and dramatically reduce your risk with simple, fast, and cloud-native endpoint hardening from Automox.

BackupVault

BackupVault

BackupVault is a leading provider of completely automatic, fully encrypted online, cloud backup.

SpecterOps

SpecterOps

SpecterOps has unique insight into the cyber adversary mindset and brings the highest caliber, most experienced resources to assess your organizations defenses.