Adobe Flash Zero-Day Discovered Being Used By Russia-Linked Hacking Group Pawn Storm
LONDON -- Researchers have discovered that a serious flaw affecting fully-patched versions of Adobe's popular Flash software is being used by a hacking group linked to the Russian government known as Pawn Storm.
Flash is one of the most exploited pieces of software by hacking groups and Adobe is continually working to push patches for its software to protect customers. While the current campaign is only targeting very specific individuals, the zero-day could be used by the wider cybercriminal community to target the mass market.
According to researchers Brooks Li, Feike Hacquebord, and Peter Pi at Trend Micro, the current zero-day -- a previously unknown vulnerability in a piece of software -- affects at least Adobe Flash Player versions 19.0.0.185 and 19.0.0.207, but could also affect earlier versions. Adobe has been notified about the new vulnerability and is working with the researchers to address the problem.
The Pawn Storm group, which targets high-profile political targets in countries like the U.S., Russia, Ukraine and the U.K., has been linked to the Russian government, but without conclusive proof due to the technical difficultly of attribution in cyberattacks.
In its most recent campaign, the group targeted several Ministries of Foreign Affairs from around the globe, according to Trend Micro. The targets received spear phishing emails that contained links leading to the exploit. The emails and URLs were crafted to appear like they led to information about current events, with the email subjects containing the following topics:
- “Suicide car bomb targets NATO troop convoy Kabul”
- “Syrian troops make gains as Putin defends air strikes”
- “Israel launches airstrikes on targets in Gaza”
- “Russia warns of response to reported US nuke buildup in Turkey, Europe”
- “US military reports 75 US-trained rebels return Syria”
The group previously targeted NATO and the White House, and in one recent attack it was able to compromise the email server of one Ministry of Foreign Affairs and intercept all emails coming into and out of the office.
Flash has long been seen by security researchers as a major security risk and most advise users to disable it altogether. However, despite its numerous issues, Flash persists and many popular websites, including HBO, Spotify and the BBC still require users to have Flash enabled for their desktop sites to work properly -- giving hackers a big attack surface to compromise users.
© Copyright IBTimes 2024. All rights reserved.