The Trend Micro researchers are at it again! Barely a week has gone by since they discovered a brand new zero-day Flash exploit that is being used in a Pawn Storm campaign. The exploit is targeting high-level foreign ministry establishments, more so in Ukraine.
According to Trend Micro, Pawn Storm has been associated over the past couple of years with long-running cyber espionage missions. The current mission is aimed at high-profile targets and makes use of zero-day exploits.
In the face of the threat posed by this exploit, Adobe has released a security alert for the vulnerability, which is tracked as CVE-2015-7645. Adobe has gone a step further and published security bulletin APSB15-27 to tackle the issue.
In its most recent endeavor, Pawn Storm is seen to target high-profile foreign affairs ministries around the world. These ministries received spear phishing emails containing links that led to the exploit. The emails and URLs were designed so that a recipient would easily assume they led to a news site covering current world events. The subject lines of these emails looked something like:
“NATO convoy in Kabul targeted by a suicide bomber”
“Israel targets Gaza with its latest airstrikes”
“Russia warns of serious consequences to reported US nuke project in Turkey”
“Over 100 US-trained rebels return to Syria – US military reports”
North Atlantic Treaty Organization (NATO) members and the White House were the targets of a cyber attack barely a year ago. Not surprisingly, the URLs employed then are similar to the ones used to host the Flash zero-day exploits today.
The distressing thing about this exploit is that it affects all Flash versions, and Adobe does not yet have a patch for it. The one plausible solution is to uninstall Flash. Adobe promises to have a solution within the next few days, but until then you will have to manage on your own.
Pawn Storm is complicated because it relies on spear phishing extensively. In short, this group of cyber criminals is sophisticated, yet it employs basic tricks when phishing. And this is definitely working for them!