Last week, South Korea's CERT identified an exploit against Adobe Flash 28.0.0.137 (and, of course, all previous versions) that could allow remote code execution on Windows, macOS, Linux and Chrome OS.
Adobe soon after announced in a security bulletin that it would patch the vulnerability in an update scheduled for this week. ...on time, only how the exploit is released...
Researchers at Cisco's Talos division stated that the payload, delivered inside an Excel document, was ROKRAT and attributed it to Group 123.
"Group 123 has joined some of the hacking elite with this latest ROKRAT payload.
They have used an Adobe Flash zero day that was beyond their previous capabilities; they used exploits in earlier campaigns but never had a brand new exploit as they do now," say Talos researchers Warren Mercer and Paul Rascagneres.
"Although at Talos we have no information on the victims, we suspect that the victim was a very specific and high-value target. Using a brand new exploit that didn't exist before shows that they were very determined to make the attack succeed."
FireEye, for its part, said the malicious file most likely originates from a North Korean group it tracks as TEMP.Reaper.
While Adobe suggests that administrators use Protected View for Office as a mitigation, FireEye stressed that more attacks are very likely until the vulnerability is patched.
Last July, Adobe announced that it would end support for Flash in 2020, and Microsoft said it would completely remove Flash support from Windows in the same year.