Russian Hackers Leveraged Adobe & Windows Zero-Day Vulnerabilities

Researchers at the security firm FireEye have detected a limited APT campaign that exploits zero-day vulnerabilities in Adobe Flash Player and Microsoft Windows.

The cyber espionage group APT28 is believed to be behind the campaign.

ATTACK SCENARIO

When a user clicks a link to an attacker-controlled website, the site directs the user to a page hosting a Flash exploit (CVE-2015-3043). The exploit runs shellcode, which downloads and executes a payload. If the payload detects that it is running with limited privileges, it exploits a local privilege escalation vulnerability in Windows (CVE-2015-1701) to steal the System token and continue with SYSTEM privileges.

CVE-2015-1701 does not affect Windows 8 and later; the privilege escalation step therefore only succeeds on earlier Windows versions.

FireEye Labs said in a blog post, "This exploit delivers a malware variant that shares characteristics with the APT28 backdoors CHOPSTICK and CORESHELL malware families, both described in our APT28 whitepaper. The malware uses an RC4 encryption key that was previously used by the CHOPSTICK backdoor."
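The RC4 key reuse FireEye describes is an attribution signal an analyst can check mechanically: decrypt the new sample's encrypted configuration with the keys already recovered from earlier families and see which one yields readable plaintext. The Python below is an added example, not FireEye's code or anything taken from the report. The key table and the configuration blob are constructed placeholders (no real CHOPSTICK or CORESHELL key appears here), and the printable-ratio heuristic used to decide that a decryption "looks right" is an assumption about what a decrypted C2 config typically contains.

```python
# Trial decryption of a sample's encrypted blob with RC4 keys harvested from
# earlier malware families, to flag key reuse as an attribution lead.
# Added example: the keys and blob below are constructed placeholders, not
# real CHOPSTICK / CORESHELL material.

from typing import Optional


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4: key scheduling (KSA) followed by keystream XOR (PRGA).
    RC4 is symmetric, so the same call encrypts and decrypts."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(byte ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


# Constructed key table (family name -> RC4 key). In practice these come
# from prior reverse-engineering reports on each family.
KNOWN_KEYS = {
    "CHOPSTICK": b"placeholder-chopstick-key",
    "CORESHELL": b"placeholder-coreshell-key",
    "UNRELATED": b"placeholder-other-family-key",
}


def looks_like_plaintext(buf: bytes, threshold: float = 0.9) -> bool:
    """Heuristic (assumption): a decrypted C2 config is mostly printable
    ASCII plus NUL/whitespace separators; a wrong key gives random bytes."""
    if not buf:
        return False
    ok = sum(1 for b in buf if 0x20 <= b < 0x7F or b in (0x00, 0x09, 0x0A, 0x0D))
    return ok / len(buf) >= threshold


def match_key(blob: bytes) -> Optional[str]:
    """Try every known family key against the blob; return the first family
    whose key produces plausible plaintext, or None if no key fits."""
    for family, key in KNOWN_KEYS.items():
        if looks_like_plaintext(rc4(key, blob)):
            return family
    return None


# Constructed sample: a config blob as it might be carved from a dropped
# payload, encrypted here with the CHOPSTICK placeholder key.
SAMPLE_CONFIG = b"c2=updates.example.invalid\x00port=443\x00sleep=300\x00"
SAMPLE_BLOB = rc4(KNOWN_KEYS["CHOPSTICK"], SAMPLE_CONFIG)

if __name__ == "__main__":
    family = match_key(SAMPLE_BLOB)
    print("key reuse detected, matching family:", family)
    print("recovered config:", rc4(KNOWN_KEYS[family], SAMPLE_BLOB) if family else None)
```

A hit from `match_key` is a lead, not proof: shared keys can come from shared tooling or copied source as well as from the same operator, which is why FireEye pairs the key observation with structural similarities to the CHOPSTICK and CORESHELL families.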

Adobe patched CVE-2015-3043 in security bulletin APSB15-06, but Microsoft is still working on a fix for CVE-2015-1701.

In-depth information about this APT campaign is available in FireEye's blog post.
