Skip to main content

Hackers Targeting New Flash Vulnerability

by Dennis Fisher on Wednesday February 7, 2018

Contact Us
Free Demo

Attackers with ties to North Korea are using a critical vulnerability in Adobe Flash in a new targeted attack campaign.

The vulnerability is in all versions of Flash from downward, and researchers say it is being used by an attack group that is known to install malware that can erase data on compromised machines. The attackers behind the campaign have run attacks against a variety of high-value targets in the past, researchers say.

“We assess that the actors employing this latest Flash zero-day are a suspected North Korean group we track as TEMP.Reaper. We have observed TEMP.Reaper operators directly interacting with their command and control infrastructure from IP addresses assigned to the STAR-KP network in Pyongyang,” researchers at FireEye said in an analysis of the attacks.

“The STAR-KP network is operated as a joint venture between the North Korean Government's Post and Telecommunications Corporation and Thailand-based Loxley Pacific. Historically, the majority of their targeting has been focused on the South Korean government, military, and defense industrial base; however, they have expanded to other international targets in the last year. They have taken interest in subject matter of direct importance to the Democratic People's Republic of Korea (DPRK) such as Korean unification efforts and North Korean defectors.”

FireEye’s researchers said that the attackers are using rigged spreadsheets or documents to deliver the exploit for the Flash vulnerability.

“Upon opening and successful exploitation, a decryption key for an encrypted embedded payload would be downloaded from compromised third party websites hosted in South Korea. Preliminary analysis indicates that the vulnerability was likely used to distribute the previously observed DOGCALL malware to South Korean victims,” FireEye’s researchers said.

Adobe has released a fix for the vulnerability, and users should install the patch as soon as possible.

Tags:  Vulnerabilities

Recommended Resources

The Definitive Guide to Data Loss Prevention
The Definitive Guide to Data Loss Prevention

All the essential information you need about DLP in one eBook.

6 Cybersecurity Thought Leaders on Data Protection
6 Cybersecurity Thought Leaders on Data Protection

Expert views on the challenges of today & tomorrow.

Digital Guardian Technical Overview
Digital Guardian Technical Overview

The details on our platform architecture, how it works, and your deployment options.