According to the experts from Kaspersky Lab, an APT group dubbed ScarCruft exploited a zero-day vulnerability (CVE-2016-4171) in Adobe Flash Player. The group launched a series of attacks against high-profile targets in Russia, Nepal, South Korea, China, Kuwait, India and Romania.
The ScarCruft APT exploited two vulnerabilities: a flaw in Flash Player and a Microsoft XML Core Services (MSXML) vulnerability (CVE-2016-0147) affecting Microsoft Windows. This second flaw can be exploited through Internet Explorer. Microsoft issued a security patch in April, but the attackers exploited it before the fix was released.
The Flash Player flaw CVE-2016-4171 affects versions 21.0.0.242 and earlier for Windows, Mac, Linux and Chrome OS. According to Kaspersky, the threat actor behind “Operation Daybreak” used it in targeted attacks conducted in March 2016.
“Currently, the group is engaged in two major operations: Operation Daybreak and Operation Erebus. The first of them, Operation Daybreak, appears to have been launched by ScarCruft in March 2016 and employs a previously unknown (0-day) Adobe Flash Player exploit, focusing on high profile victims.” explained Costin Raiu, director of Global Research and Analysis Team at Kaspersky Lab. “The other one, “Operation Erebus” employs an older exploit, for CVE-2016-4117 and leverages watering holes. It is also possible that the group deployed another zero day exploit, CVE-2016-0147, which was patched in April.”
According to Adobe, a security patch will be available as early as June 16.
“Adobe is aware of a report that an exploit for CVE-2016-4171 exists in the wild, and is being used in limited, targeted attacks. Adobe will address this vulnerability in our monthly security update, which will be available as early as June 16. For the latest information, users may monitor the Adobe Product Security Incident Response Team blog.”
Kaspersky plans to release more details on the ScarCruft APT group and its attacks after Adobe releases a patch. Fortunately, Microsoft EMET is effective at mitigating this kind of attack.
Stay Tuned …
Security Affairs – (ScarCruft APT, Adobe)