April 21, 2015

Flaws in Adobe Flash and Windows OS Are Exploited by Russian Cyber Criminals

There has been a serious breach attacking U.S. State Department and White House computers which contain unclassified, but sensitive information. At the beginning of last week, April 13, hackers began to take advantage of unknown software flaws to carry out cyber-spying campaigns against diplomatic targets in the U.S.

FireEye, Inc. has been working with the agencies tasked with probing these attacks; however, due to the sensitive nature of the information, no intelligence could be revealed as to whether the spies who breached the State Department and the White House are one and the same.

FireEye is a U.S. network security company whose goal is to provide automated threat forensics and dynamic malware protection against advanced cyber threats, such as advanced persistent threats and spear phishing. FireEye said an advanced persistent threat campaign originating from Russia has been exploiting zero-day vulnerabilities in both Adobe Flash and Microsoft Windows.

A zero-day (also called a zero-hour or day-zero) attack is one that exploits a previously unknown vulnerability in a computer application or operating system, one that developers have not yet had time to address with a patch. It is called a "zero-day" because the programmer has had zero days to fix the flaw. Of course, once a patch becomes available, it is no longer a "zero-day exploit."

The Russian group responsible is known as APT28. In October of last year, FireEye released a report detailing the activities of the Russian hacking group. APT28 has been in operation since 2007, and its focus appears to be on targeting U.S. defense and military contractors, NATO officials, and others.

ZDNet describes the two exploits as follows:

  • CVE-2015-3043 Adobe Flash exploit: it is triggered when a victim clicks on a link to a malicious website controlled by attackers. An HTML/JS launcher serves the exploit, which then executes shellcode and runs an executable payload on a Windows system, delivered based on whether the system is 32- or 64-bit.
  • CVE-2015-1701 Windows flaw: a local privilege escalation vulnerability. The exploit executes a callback using the flaw to pull data from the System process before executing code with escalated privileges; by running code through the kernel, an attacker is able to modify their stolen system tokens to have the same privileges as the System process.
  • The Adobe Flash exploit triggers the Windows flaw.

According to FireEye, Adobe has already released a fix for the Flash security weakness. This means that if you are using the most current version of Flash, your system should be protected. A Microsoft spokesman, on the other hand, said that the company was in the process of developing a patch. Apparently, the Microsoft problem by itself is less dangerous, so with the Adobe patch already in place, all systems should be secure. It should be noted that Microsoft says the vulnerability does not affect Windows 8 or later.

Edited by Dominick Sorrentino
