ScarCruft APT Group exploited Flash Zero-Day in High-Profile attacks

Security experts from Kaspersky Lab revealed that an APT group dubbed ScarCruft exploited the zero day vulnerability (CVE-2016-4171) in Adobe Flash Player.

According to the experts from Kaspersky Lab, an APT group dubbed ScarCruft exploited a zero-day vulnerability (CVE-2016-4171) in Adobe Flash Player. The group launched a series of attacks against high-profile entities in Russia, Nepal, South Korea, China, Kuwait, India and Romania.

The ScarCruft APT exploited two vulnerabilities: the flaw in Flash Player and a Microsoft XML Core Services (MSXML) vulnerability (CVE-2016-0147) affecting Microsoft Windows. The second flaw can be exploited through Internet Explorer; Microsoft issued a security patch for it in April, but the attackers had exploited it before the fix was released.

The Flash Player flaw CVE-2016-4171 affects versions 21.0.0.242 and earlier for Windows, Mac, Linux and Chrome OS. According to Kaspersky, the threat actor behind “Operation Daybreak” used it in targeted attacks conducted in March 2016.
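A defender triaging this report needs to compare the Flash Player builds reported by an asset inventory against the affected range (21.0.0.242 and earlier). The following Python is an added example, not code from the article or from Kaspersky; it compares dotted version strings component-wise as integers (a plain string comparison would misorder 21.0.0.9 against 21.0.0.242), pads shorter strings with zeros, and routes unparseable entries to an "unknown" bucket so they are not mistaken for patched hosts. The hostnames and the "22.0.0.1" build in the sample inventory are constructed values, not real patched-version numbers.

```python
# Added example (not from the article): flag Adobe Flash Player builds within
# the range the article gives as affected by CVE-2016-4171 (21.0.0.242 and
# earlier). Versions are compared as tuples of integers, not as strings.
from __future__ import annotations

# Last affected build as stated in the article.
LAST_AFFECTED_FLASH = "21.0.0.242"


def parse_version(version: str) -> tuple[int, ...]:
    """Split a dotted version string into a tuple of integers.

    Raises ValueError for anything that is not purely numeric components, so a
    malformed inventory entry is reported instead of being silently compared.
    """
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version string: {version!r}")
    return tuple(int(p) for p in parts)


def is_affected(version: str, last_affected: str = LAST_AFFECTED_FLASH) -> bool:
    """Return True when `version` is at or below the last affected build.

    Both tuples are zero-padded to the same length so that "21" is treated as
    21.0.0.0 rather than relying on Python's shorter-tuple ordering.
    """
    v = parse_version(version)
    cap = parse_version(last_affected)
    width = max(len(v), len(cap))
    v += (0,) * (width - len(v))
    cap += (0,) * (width - len(cap))
    return v <= cap


def triage_inventory(inventory: dict[str, str]) -> dict[str, list[str]]:
    """Group hosts by whether their reported Flash build is affected.

    `inventory` maps hostname -> version string. Entries that do not parse go
    to 'unknown' so they still show up for follow-up.
    """
    result: dict[str, list[str]] = {"affected": [], "not_affected": [], "unknown": []}
    for host, version in sorted(inventory.items()):
        try:
            bucket = "affected" if is_affected(version) else "not_affected"
        except ValueError:
            bucket = "unknown"
        result[bucket].append(host)
    return result


if __name__ == "__main__":
    # Constructed sample inventory: hostnames and the 22.0.0.1 build are made up.
    sample = {
        "ws-01": "21.0.0.242",
        "ws-02": "21.0.0.213",
        "ws-03": "22.0.0.1",
        "ws-04": "21.0.0.9",
        "ws-05": "n/a",
    }
    for bucket, hosts in triage_inventory(sample).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

Feeding the script a real inventory export only requires building the hostname-to-version dictionary; the comparison logic itself does not change when Adobe publishes the fixed build, since `LAST_AFFECTED_FLASH` is the upper bound of the affected range rather than the patched version.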

“Currently, the group is engaged in two major operations: Operation Daybreak and Operation Erebus. The first of them, Operation Daybreak, appears to have been launched by ScarCruft in March 2016 and employs a previously unknown (0-day) Adobe Flash Player exploit, focusing on high profile victims.” explained Costin Raiu, director of Global Research and Analysis Team at Kaspersky Lab. “The other one, “Operation Erebus” employs an older exploit, for CVE-2016-4117 and leverages watering holes. It is also possible that the group deployed another zero day exploit, CVE-2016-0147, which was patched in April.”

According to Adobe, a security patch will be available as early as June 16.

“Adobe is aware of a report that an exploit for CVE-2016-4171 exists in the wild, and is being used in limited, targeted attacks. Adobe will address this vulnerability in our monthly security update, which will be available as early as June 16. For the latest information, users may monitor the Adobe Product Security Incident Response Team blog.”

Kaspersky plans to release more details on the ScarCruft APT group and its attacks after Adobe releases a patch. In the meantime, Microsoft EMET is effective at mitigating this kind of attack.

Stay Tuned …

Pierluigi Paganini

Security Affairs – (ScarCruft APT, Adobe)
