Adobe Flash Player Users Are at Risk. Hackers are exploiting a new Adobe Flash vulnerability to control Windows PCs | New Adobe Flash critical vulnerability is being exploited in the wild
Adobe Flash has long been the bane of security experts and IT admins worldwide. What started out as a multimedia platform for making rich applications has, over the years, turned into a security nightmare.
The vulnerabilities in Flash have been so numerous that most of today’s browsers block Flash content by default. In fact, Google Chrome allows Flash to run with user consent, but only in a secure sandbox. Granted, Adobe has, over time, managed to make Flash more secure, and the instances of attacks via Flash have reduced. That said, it’s just as likely that industry disdain for Flash has forced hackers to look for greener pastures.
It’s now been reported that a new zero-day vulnerability for Flash has been discovered and, apparently, it’s being exploited by hackers to infect computers in South Korea. As Ars Technica notes in its report on the matter, researchers haven’t said outright that North Korea is behind the attacks, but it is very likely.
The vulnerability is being exploited by a hacker group that has been dubbed Group 123. The exploit spreads via an infected Excel file and, according to Talos, a security group under Cisco Systems, Group 123 is using social engineering attacks to spread the malware. Talos states that the group is very comfortable with the Korean language and is familiar with the Korean peninsula. The attack can let a hacker take control of an infected system.
Group 123 has not been known to use zero-day vulnerabilities, and previously targeted older, unpatched vulnerabilities.
Adobe has published a security advisory on the matter and indicated that Adobe Flash Player version 28.0.0.137 and earlier are vulnerable. Adobe has stated that the issue will be addressed in a new release planned for the week of 5 February.
A newly discovered critical vulnerability in Adobe Systems Inc.’s Flash player is being actively exploited, possibly by North Korean hackers.
The newly uncovered vulnerability (CVE-2018-4878) exists in recent versions of Flash up to 28.0.0.137 and gives an attacker Remote Code Execution access, which allows them to take control of the affected system.
The attack vector involves a phishing campaign that uses an Excel spreadsheet with an embedded Flash SWF file. Once a victim clicks on the file, the Flash file installs ROKRAT, a remote-access hacking tool discovered in April 2017 that gives the attackers control of the victim’s personal computer.
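As an added example (not from the original article, Talos or Adobe), a defender could triage spreadsheet attachments for embedded Flash content by looking for SWF headers inside the file. It assumes the SWF header is stored unobfuscated in the document; the function names, the version ceiling and the constructed sample are hypothetical.

```python
import io
import struct
import zipfile

# SWF files start with FWS (uncompressed), CWS (zlib) or ZWS (LZMA),
# then a one-byte version and a 4-byte little-endian uncompressed length.
SWF_MAGICS = (b"FWS", b"CWS", b"ZWS")

def find_swf_headers(blob, max_version=50):
    """Return (offset, magic, version, declared_length) for plausible SWF headers."""
    hits = []
    for magic in SWF_MAGICS:
        pos = blob.find(magic)
        while pos != -1:
            header = blob[pos:pos + 8]
            if len(header) == 8:
                version = header[3]
                length = struct.unpack("<I", header[4:8])[0]
                # Filter accidental 3-byte matches: sane version (assumed
                # ceiling), and a length larger than the header itself.
                if 1 <= version <= max_version and length > 8:
                    hits.append((pos, magic.decode(), version, length))
            pos = blob.find(magic, pos + 1)
    return sorted(hits)

def scan_office_file(data):
    """Scan an Office file given as bytes; returns {part_name: [hits]}."""
    findings = {}
    if zipfile.is_zipfile(io.BytesIO(data)):
        # OOXML (.xlsx/.xlsm): inspect every decompressed part.
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for name in zf.namelist():
                hits = find_swf_headers(zf.read(name))
                if hits:
                    findings[name] = hits
    else:
        hits = find_swf_headers(data)  # legacy OLE (.xls) or other: raw bytes
        if hits:
            findings["<raw>"] = hits
    return findings

def build_constructed_sample():
    """Constructed test input: a ZIP with one part holding a fake SWF header."""
    fake_swf = b"FWS" + bytes([32]) + struct.pack("<I", 64) + b"\x00" * 56
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("xl/workbook.xml", "<workbook/>")
        zf.writestr("xl/activeX/activeX1.bin", b"\x00" * 16 + fake_swf)
    return buf.getvalue()
```

A hit means the spreadsheet carries Flash content and deserves closer inspection; it does not by itself show that the content is malicious.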
Despite the first ROKRAT attack last year using a slightly different attack vector, the targets in both cases are exclusively in South Korea, with the attacks being attributed to a hacking group called Group 123.
“Group 123 have now joined some of the criminal elite with this latest payload of ROKRAT,” Talos researchers wrote in a blog post. “They have used an Adobe Flash 0day which was outside of their previous capabilities—they did use exploits in previous campaigns but never a net new exploit as they have done now. This change represents a major shift in Group 123’s maturity level, we can now confidentially assess Group 123 has a highly skilled, highly motivated and highly sophisticated group.”
Although North Korea was not directly blamed for the attacks, Ars Technica noted that the hackers speak perfect Korean and at least one South Korean security researcher is claiming that the Flash exploit was “made by North Korea.”
North Korea has been behind many hacking campaigns, motivated both by efforts to steal sensitive data and by profit via the theft of cryptocurrencies. In December, the U.S. government said that the hermit kingdom was behind the infamous WannaCry ransomware attacks earlier in the year, and a report in September noted that the country was hacking bitcoin exchanges.
There’s no patch available yet for the exploit, though Adobe promises to release one this week. Flash users are advised by multiple sources that the best thing they can do to protect themselves from this exploit and ongoing Flash exploits is to uninstall and stop using Flash altogether.