There has been a serious breach attacking U.S. State Department and White House computers which contain unclassified, but sensitive information. At the beginning of last week, April 13, hackers began to take advantage of unknown software flaws to carry out cyber-spying campaigns against diplomatic targets in the U.S.
FireEye (News - Alert), Inc. has been working with the agencies tasked with probing these attacks; however, due to the sensitive nature of the information no intelligence could be revealed as to whether or not the spies who breached the State Department and the White House are one and the same.
FireEye is a U.S. network security company whose goal is to provide automated threat forensics and dynamic malware protection against advanced cyber threats, such as advanced persistent threats and spear phishing. FireEye said an advanced persistent threat campaign originating from Russia has been exploiting zero-day vulnerabilities in both Adobe (News - Alert) Flash and Microsoft Windows.
A zero-day, or zero-hour, or day zero attack or threat is an attack that exploits a previously unknown vulnerability in a computer application or operating system. It is one that developers have not had time to address and create a patch. It is called a "zero-day" because the programmer has had zero days to fix the flaw. Of course, once a patch becomes available, it is no longer a "zero-day exploit."
The Russian group responsible is known as APT28. Last year in October, FireEye released a report in which it detailed the activities of the Russian hacking group. APT28 has been in operation since 2007 and its focus appears to be on targeting U.S. defense and military contractors, NATO officials, as well as others.
ZDNet describes the two exploits as follows;
- CVE-2015-3043 Adobe Flash exploit: it is triggered when a victim clicks on a link to a malicious website controlled by attackers. A HTML/JS launcher serves the exploit, which then executes shellcode and runs an executable payload in a Windows system, delivered based on whether the system is Windows 32 or 64bits.
- CVE-2015-1701 Windows flaw, is a local privilege escalation vulnerability. The exploit executes a callback using the flaw to pull data from the system process before executing code through escalated privileges and by running code through the kernel, an attacker is able to modify their stolen system tokens to have the same privileges as the System process.
- Adobe Flash exploit triggers the Windows flaw
According to FireEye, there is already a fix from Adobe for the Flash security weakness. This means that if you are using the most current version of Flash your system should be protected. On the other hand, a Microsoft (News - Alert) spokesman said that the company was in the process of coming up with a patch. Apparently, the Microsoft problem by itself is less dangerous, so with the Adobe patch already in place, it should mean that all systems are secure. It should be noted that Microsoft says that the vulnerability does not affect Windows 8 or later.
Edited by Dominick Sorrentino