Once again Flash in the headlines, beware next emergency Flash Player update is critical for everybody as explained by the experts at Trend Micro.
The researchers at the security firm explained that the update will fix a vulnerability that has been exploited in the wild by the notorious Pawn Storm APT in targeted phishing attacks against government entities, in particular several foreign affairs ministries across the world. In October 2014, the experts at Trend Micro discovered a cyber espionage operation targeting military, government and media agencies on a global scale. The researchers collected evidence that the threat actors behind the operation, dubbed Operation Pawn Storm, have been active since at least 2007 and are still running several attacks worldwide.
The researchers explained that the zero-day exploited by the Pawn Storm works with Adobe Flash Player versions 22.214.171.124 and 126.96.36.199, this means that the flaw affects most current versions of the software. Other versions not listed could be vulnerable, as remarked by Trend Micro.
The Phishing email sent by the threat actors to “several ministries of foreign affairs” include links to websites hosting the exploit. The researchers at Trend Micro have discovered that most of the emails have the following subjects:
The experts noticed that the URLs hosting the new Flash zero-day exploit are similar to the URLs that were used in the attacks that targeted North Atlantic Treaty Organization (NATO) members and the White House in April 2015.
“Foreign affairs ministries have become a particular focus of interest for Pawn Storm recently. Aside from malware attacks, fake Outlook Web Access (OWA) servers were also set up for various ministries. These are used for simple, but extremely effective, credential phishing attacks. One Ministry of Foreign Affairs got its DNS settings for incoming mail compromised. This means that Pawn Storm has been intercepting incoming e-mail to this organization for an extended period of time in 2015.” concludes the report.
Trend Micro notified Adobe about the zero-day and is currently working with them to fix the security issue.
(Security Affairs – Operation Pawn Storm, cyber espionage)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.