Hackers are using a Flash flaw in fake document in new spying campaign

Discussion in 'other security issues & news' started by hawki, Mar 16, 2018.

  1. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,077
    Location:
    DC Metro Area
    "Hackers are using a Flash flaw in fake document in this new spying campaign

    The payload is delivered via phishing emails about a real defence conference - but nothing happens until the target scrolls down to the third page...

    The latest campaign by the Fancy Bear group - also known as Sofacy and APT28 and believed to be linked to the Kremlin - has been uncovered by researchers at security company Palo Alto Networks, who observed a campaign taking place on March 12 then again on March 14...

    In these attacks, the Sofacy group are employing an updated version of DealersChoice, a platform designed to exploit a Flash vulnerability in order to stealthily deliver a malicious payload in the form of trojan malware.

    The updated incarnation of DealersChoice contains a new evasion technique which researchers say hasn't been observed before - the Flash object only loads when a specific page of the malicious document used to deliver the attack is viewed..."

    http://www.zdnet.com/article/hacker...in-fake-document-in-this-new-spying-campaign/
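    The evasion described in the quote defeats a sandbox that only renders the first page of a document, but the Flash control has to be declared somewhere in the file regardless of which page it renders on, so a static check over the container still finds it. The scanner below is an added example, not code from the article, from Palo Alto Networks or from any poster: it unzips a .docx and looks for the Flash ActiveX CLSID or ProgID in the activeX/embeddings parts, and for RTF files it reads the \objclass of embedded OLE objects. The .docx part layout and the sample documents are constructed here for illustration; the CLSID and ProgID are the Flash Player control's own Windows registration values.

```python
import io
import re
import zipfile

# Identifiers of the Adobe Flash Player ActiveX control as registered on Windows.
# These are the control's registration values, not something taken from the article.
FLASH_CLSID = "{D27CDB6E-AE6D-11CF-96B8-444553540000}"
FLASH_PROGID = "ShockwaveFlash.ShockwaveFlash"

# .docx parts where an embedded control or OLE object is declared (assumed layout,
# matching what Word writes for ActiveX controls and embedded objects).
DOCX_PARTS_OF_INTEREST = ("word/activeX/", "word/embeddings/", "word/document.xml")


def _find_flash_markers(text):
    """Return a reason string if the text references the Flash control, else None."""
    lowered = text.lower()
    if FLASH_CLSID.lower() in lowered:
        return "Flash CLSID"
    if FLASH_PROGID.lower() in lowered:
        return "Flash ProgID"
    return None


def scan_docx(docx_bytes):
    """Walk the OOXML zip and report every part that declares a Flash control."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        for name in zf.namelist():
            if not name.startswith(DOCX_PARTS_OF_INTEREST):
                continue
            reason = _find_flash_markers(zf.read(name).decode("utf-8", errors="ignore"))
            if reason:
                findings.append((name, reason))
    return findings


def scan_rtf(rtf_bytes):
    """RTF keeps OLE objects inline; the object's ProgID is written in \\objclass."""
    text = rtf_bytes.decode("latin-1", errors="ignore")
    findings = []
    for match in re.finditer(r"\\objclass\s+([A-Za-z0-9_.]+)", text):
        if match.group(1).lower() == FLASH_PROGID.lower():
            findings.append(("rtf:\\objclass", "Flash ProgID"))
    return findings


def scan_document(data):
    """Dispatch on the container format; unknown formats yield no findings."""
    if data.startswith(b"PK\x03\x04"):
        return scan_docx(data)
    if data.startswith(b"{\\rtf"):
        return scan_rtf(data)
    return []


def build_sample_docx(with_flash):
    """Constructed minimal .docx; the activeX part mirrors the shape Word uses for a control."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document><w:body><w:p/></w:body></w:document>")
        if with_flash:
            zf.writestr(
                "word/activeX/activeX1.xml",
                '<ax:ocx xmlns:ax="http://schemas.microsoft.com/office/2006/activeX" '
                'ax:classid="%s" ax:persistence="persistStreamInit"/>' % FLASH_CLSID,
            )
    return buf.getvalue()


# Constructed RTF fragment with an embedded OLE object declaring the Flash ProgID.
SAMPLE_RTF = (
    b"{\\rtf1\\ansi{\\object\\objemb{\\*\\objclass ShockwaveFlash.ShockwaveFlash}"
    b"{\\*\\objdata 0105000002000000}}}"
)

if __name__ == "__main__":
    for label, blob in (("clean.docx", build_sample_docx(False)),
                        ("flash.docx", build_sample_docx(True)),
                        ("flash.rtf", SAMPLE_RTF)):
        print(label, scan_document(blob) or "no Flash control found")
```

    Because the check reads the container rather than rendering the document, it is indifferent to which page the object sits on, which is exactly the gap the page-triggered loading was meant to exploit in viewers that only render the first page. A legitimate document carrying a Flash control is rare enough that any hit is worth a human look.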
     
  2. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
  3. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    I for one (and others should be too) am tickled pink Russians are as sharp as a whistle when it comes to pencil pointing their way into Windows systems. With so much haste and cleverness to their approaches they are actually exposing all the tons of weaknesses that are just sitting there waiting to be cracked next, which in turn forces us/somebody/vendors (not Microsoft obviously) to take effort to sew up and seal those wide open channels of code obviously easily manipulated.

    [a new evasion technique which researchers say hasn't been observed before]

    Who could forget the Russian CoolWebSearch that used to give PCs fits and the hijacking of Explorer.exe which ate up half my life helping people pull that stuff out of their systems. Windows is tightened way way up since then but like the article suggests, as long as there are FILES/EXTENSIONS that depend upon the system to perform, they and others seem to always find another loophole that brings out how soft Windows coding can be.

    In My Own Opinion and Observations to date.
     