A group of hackers is exploiting a vulnerability in Java to spy on NATO members and governments in Europe, the Middle East and Asia.
The hacking group Pawn Storm, also known as APT28/Sednit, is deploying the zero-day exploit to target media and government organizations, as well as the military.
Antivirus company Trend Micro was the first to notice the zero-day exploit in attacks waged against a U.S. defense organization, as well as an unnamed NATO country's armed forces.
"Throughout our on-going investigation and monitoring of a targeted attack campaign, Operation Pawn Storm, we found suspicious URLs that hosted a newly discovered zero-day exploit in Java," stated Trend Micro.
The targets received phishing emails containing links to fraudulent pages that hosted the attack. The emails carried malicious URLs disguised as legitimate links, which led users to the page where the Java-based exploit was hosted. Once a user opened the malicious file, named JAVA_DLOADR.EFD, it delivered a Trojan dropper, TROJ_DROPPR.CXC.
That dropper would then place TSPY_FAKEMS.C in the folder "/login user", and from there arbitrary code would be executed under the default Java settings, compromising the system.
Pawn Storm has reportedly been active for the past five years. Security experts believe the cyberespionage group operates from Russia and has links to the country's intelligence services.
According to Trend Micro's researchers, the Java exploit affects even the then-current Java version 1.8.0.45, released in April. However, the older Java 1.6 and Java 1.7 versions are not affected, even though they no longer receive security patches from Oracle.
Trend Micro has not named the NATO country or the U.S. defense organization that were victims of the Java zero-day exploit. The security firm says its products guard against the threat.
Oracle is aware of the issue and patched the vulnerability on July 14 in its July 2015 Critical Patch Update.