Russian Hackers APT 28 Exploit Windows And Flash Flaws To Target Governments

Menchie Mendoza, Tech Times 21 April 2015, 06:04 am

A report published by U.S. security firm FireEye revealed that a Russian hacking group has been taking advantage of the flaws found in Adobe Flash and the Microsoft Windows OS in order to gather information about governments. Other targets include military and security organizations and other groups with diplomatic ties, which are believed to be valuable to the Russian government.

According to FireEye, the group known as APT 28 launched an attack on April 13 against an international government entity by utilizing the recently disclosed flaws in the said Adobe and Microsoft software. The attackers sent out a link to unsuspecting victims which, when clicked, would lead them to a website, eventually making their PC vulnerable to future attacks.

At first, the group used a vulnerability in the Flash player found in Adobe Systems known as CVE-2015-3043. Next, they used the vulnerability found in Microsoft identified as CVE-2015-1701 in order to gain higher privileges on one's PC.

"Attackers are using a pair of zero day exploits (one in Adobe Flash, one in Windows) to target a specific foreign government organization," said FireEye on its blog. "While we're not able at this time to comment on the shape of the victim organizations, we can say these attacks have markers consistent with those reported in our recent APT 28 report. Adobe released a patch for their software on Tuesday and Microsoft is working on a fix."

FireEye said in a white paper they released in 2014 that APT 28 had launched attacks against military and political organizations beginning in 2007. Other targets that the Kremlin have special interest in include the NATO alliance offices and government officials in Georgia. In these attacks, the group had reportedly gathered "malware samples with Russian language settings during working hours consistent with the time zone of Russia's major cities, including Moscow and St. Petersburg."

The APT 28 used the same tools and hit the same targets performed by the Pawn Storm hackers that were described by security firm Trend Micro in a separate report. According to the company, the Pawn Storm hacking group recently increased their activity and targeted bloggers who conducted interviews with President Barack Obama. There is also speculation that the group had stolen online credentials of a military correspondent of an unnamed major publication in the U.S.

The exploit that is being utilized by the APT 28 is deemed useless as long as users have upgraded their Flash software into its latest version. Administrators are then advised to get the needed patch to avoid rendering their systems vulnerable to an attack.

In the case of Microsoft, the problem seemed to be less dangerous since it would need "enhanced powers" on a PC, something that an ordinary user would not have under normal conditions.

Photo: Quentin Meulepas | Flickr