Wednesday, May 22, 2024
North Korean group behind Adobe Flash Zero-Day vulnerability: FireEye

FireEye said that a North Korean group appears to be behind the Adobe Flash zero-day vulnerability.

The cybersecurity firm said the group appears to be behind the vulnerability, which was highlighted by KISA (KrCERT) on January 31 and confirmed by Adobe on February 1. Unlike most other industry sources, FireEye is linking this zero-day to North Korea. “We assess that the actors employing this latest Flash zero-day are a suspected North Korean group we track as TEMP.Reaper,” the firm said.

“We believe the actors behind this latest Flash zero-day are a North Korean group we track as Reaper. We have high confidence that Reaper is a North Korean group, as we have seen them mistakenly upload data to a command and control server from North Korean IP space. The majority of their targeting has been South Korea focused, targeting the government, military, and defense industrial base as well as other industry. They have also taken an interest in predictable North Korean interests such as unification efforts and defectors,” said John Hultquist, Director of Intelligence Analysis, FireEye.

“This is one of the North Korean actors we have been concerned about with respect to the Olympics. They could be leveraged to gather information and possibly carry out attacks. We have connected attacks to other North Korean actors, but we have not seen this actor engage in disruptive or destructive activity. Though we have not seen them execute it, we have seen these actors deploy wiper malware,” he added.

On Jan. 31, KISA (KrCERT) published an advisory about an Adobe Flash zero-day vulnerability being exploited in the wild. On Feb. 1, Adobe issued an advisory confirming the vulnerability exists in Adobe Flash Player 28.0.0.137 and earlier versions, and that successful exploitation could potentially allow an attacker to take control of the affected system.

FireEye wrote in a blog post that it has observed TEMP.Reaper operators directly interacting with their command and control infrastructure from IP addresses assigned to the STAR-KP network in Pyongyang. The STAR-KP network is operated as a joint venture between the North Korean Government's Post and Telecommunications Corporation and Thailand-based Loxley Pacific. Historically, the majority of the group's targeting has been focused on the South Korean government, military, and defense industrial base; however, it has expanded to other international targets in the last year. The group has taken an interest in subject matter of direct importance to the Democratic People's Republic of Korea (DPRK), such as Korean unification efforts and North Korean defectors.

FireEye said that analysis of the exploit chain is ongoing, but available information points to the Flash zero-day being distributed in a malicious document or spreadsheet with an embedded SWF file. Upon opening and successful exploitation, a decryption key for an encrypted embedded payload would be downloaded from compromised third-party websites hosted in South Korea. Preliminary analysis indicates that the vulnerability was likely used to distribute the previously observed DOGCALL malware to South Korean victims.

Adobe stated that it plans to release a fix for this issue the week of Feb. 5, 2018. Until then, FireEye recommended that customers use extreme caution, especially when visiting South Korean sites, and avoid opening suspicious documents, especially Excel spreadsheets. Because the vulnerability was published before a patch was available, it is likely that additional criminal and nation-state groups will attempt to exploit it in the near term.
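As an added defensive example (not FireEye's or Adobe's code), the following Python scans an Office document for an embedded Flash object, the delivery vector described above: it looks for the SWF header magic (FWS, CWS or ZWS, followed by a version byte and length) inside the members of an OOXML zip, or in the raw bytes of a legacy OLE2 file. The sample spreadsheet it builds is constructed for the demonstration and contains only a fake SWF header, not a real Flash file.

```python
import io
import struct
import zipfile

# Added example, not FireEye's or Adobe's code: heuristic scan for an embedded
# Flash (SWF) object inside an Office document, the delivery vector described above.
SWF_MAGICS = (b"FWS", b"CWS", b"ZWS")   # uncompressed, zlib, LZMA SWF headers
OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # legacy .doc/.xls container

def swf_header_at(buf: bytes, pos: int) -> bool:
    """Plausibility check: magic, version byte 1..50, declared length >= 8."""
    if buf[pos:pos + 3] not in SWF_MAGICS or len(buf) < pos + 8:
        return False
    version = buf[pos + 3]
    length = struct.unpack_from("<I", buf, pos + 4)[0]
    return 1 <= version <= 50 and length >= 8

def find_swf(buf: bytes) -> list:
    """Return offsets of plausible SWF headers anywhere in a byte buffer."""
    hits = []
    for magic in SWF_MAGICS:
        pos = buf.find(magic)
        while pos != -1:
            if swf_header_at(buf, pos):
                hits.append(pos)
            pos = buf.find(magic, pos + 1)
    return sorted(hits)

def scan_document(data: bytes) -> dict:
    """Map zip member name (or '<ole2>') to SWF header offsets found in it."""
    findings = {}
    if zipfile.is_zipfile(io.BytesIO(data)):   # OOXML: .docx/.xlsx/.pptx
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for name in zf.namelist():
                hits = find_swf(zf.read(name))
                if hits:
                    findings[name] = hits
    elif data.startswith(OLE2_MAGIC):          # binary .doc/.xls: scan raw bytes
        hits = find_swf(data)
        if hits:
            findings["<ole2>"] = hits
    return findings

def build_sample() -> bytes:
    """Constructed .xlsx-like zip carrying a fake SWF header in an ActiveX part."""
    fake_swf = b"CWS" + bytes([28]) + struct.pack("<I", 4096) + b"\x78\x9c" + b"\0" * 16
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w") as zf:
        zf.writestr("xl/activeX/activeX1.bin", b"\0" * 64 + fake_swf)
    return out.getvalue()
```

A hit is a reason to detonate the file in a sandbox or block it at the mail gateway, not proof of exploitation; legitimate documents with embedded Flash controls exist, so treat the result as a triage signal.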

M Kalam covers technology and e-governance for TechObserver.in.