Cisco and FireEye Pointing Finger at North Korea Hacking Group For Adobe Flash 0-Day In The Wild

Your Feed is from https://www.safeharboroncyber.com/Blog/
CyberWisdom Safe Harbor Commentary:
A must-read story from securityaffairs.co notes that an interesting
According to Cisco and FireEye security researchers, North Korean hacking groups are behind the attacks exploiting the recently discovered Adobe Flash 0-Day vulnerability
There have been over 1,000 Adobe Flash vulnerabilities since it was released. Designed to simplify website development and deliver other features not available with standard web browsers, this adds complexity and broader scope of an attack. Web browsers no longer support Flash by default, but users often re-enable it for convenience. Just installing it on your system is enough to make this latest zero-day Adobe Player exploit available.
KISA, South Korea CERT released a security bulletin on January 31, 2018, warning that the “free to use” vulnerability in Adobe Flash Player is widely exploited. The next day, Adobe released security advisory APSA18-01, confirming that CVE-2018-4878 is a potential remote code vulnerability and announced plans to release a security patch on February 5, 2018. The attack is on a malicious SWF file in a Microsoft Office or Hancom Hangul document or spreadsheet. Once opened, the victim’s computer will execute malicious SWFs through Adobe Flash if installed.
FireEye said: “After being open and successfully utilized, the encryption key to encrypt the embedded payload will be downloaded from the compromised Korean third-party website.
The embedded load is likely to be DOGCALL malware, which helps to install ROKRAT commands and control Trojans, allowing remote attackers to access the victim’s system.
Experts warn that users should be very careful about opening unexpected spreadsheet and document files while waiting for a patch from Adobe on February 5. In fact, for any unexpected or suspicious files, especially those that support embedding, you should always be on your guard to hide all kinds of malware. You should also strongly consider uninstalling Adobe Flash. Even if it is disabled in your browser, simply installing it on your system is sufficient to allow the latest exploit to execute successfully. Maybe you do not need Adobe Flash anymore. As Sophos explains,
“The most common requirement we hear is watching online video, but if you do not have Flash, almost all websites use HTML5 as a video. If you uninstall it, your browser will use its built-in video player – so you probably do not need Flash at all. ”
Both Cisco and FireEye are investigating and warned that the North Koreans they’ve been tracking may lag behind this latest attack. Known by FireEye as TEMP.Reaper, Cisco calls Group 123 and groups that have ties with North Korea were very active in 2017.
FireEye said: “Historically, most of their goals are focused on the Korean government, military and defense industrial bases, however, last year they have expanded to other international goals.”
In addition to expanding its targets, hackers also seem to be expanding their skills to deploy disruptive wiper malware and command and control Trojan horses using a variety of different technologies.
In the past few years, North Korea has had many accusations of hacking. With the tense situation in 2017 and the upcoming Olympic Games in South Korea this month, there are many opportunities and potential motivations for some important things. This latest attack shows that this hacker group is ready to take advantage of these opportunities.
Read more…
According to security researchers at Cisco and FireEye a North Korea Hacking Group is behind the attacks that exploited the recently discovered Adobe Flash 0-Day vulnerability. There have been over 1,000 Adobe Flash vulnerabilities since it was released. Designed to make website development easier and providing additional features not supported by standard web browsers, it also adds Engaging post, Read More…
thumbnail courtesy of securityaffairs.co
If you like to receive more of these curated safe harbor news alerts then subscribe to my mailing list. and come back soon at https://www.safeharboroncyber.com/Blog/ to read further CyberWisdom Safe Harbor Commentaries. Home » Curated SafeHarboronCyber’s CyberWisdom Post
The post Cisco and FireEye Pointing Finger at North Korea Hacking Group For Adobe Flash 0-Day In The Wild appeared first on Safe Harbor on Cyber.