Sunday 26 July 2015

US Government Attacked Via Flash Player Flaw


Several agencies of the US government in June and July attacked via a Flash Player vulnerability that was discovered by the Italian Hacking Team and true at the time of the attacks had no patch yet, says the FBI. Details about the vulnerability were found in the data that were stolen from the Italian surveillance company. However, the break-in at Hacking Team was made ​​public on July 6.

Now, according to information from the FBI's Flash Player flaw had been since June 8 by assailants known and actively used to penetrate US government agencies. Previously had anti-virus company Trend Micro already know that the vulnerability before the disclosure in targeted attacks against targets in Korea and Japan had begun, namely July 1 . The FBI goes in the case for the attacks against US government agencies for two campaigns which probably gathering information aim.

Campaigns

The first phishing campaign took place on 8, 9 and 11 June, the second was observed on July 8, according to a warning that spread the FBI and by Public Intelligence online ( pdf is put). Both attacks emails were sent with a link. The link pointed to an exploit that took advantage of the vulnerability in Flash Player. The attack on July 8, the FBI more information mentioned in the warning. Thus, the government received a spear phishing e-mail with a link to a PDF document. When users opened a website loaded there the link containing JavaScript code. This code then loaded a malicious Flash file that vulnerability in Flash Player attacked to infect your computer with malware.

The spear phishing emails had different topics such as 'BBW Analysis report - 2015', 'Tomorrow Morning New Starts', "Perry Dale Club for Leadership: Financial Literacy 101", "FAS Analysis Report - 2015", "AEP Energy Program Update: 2015 Program Year Kick Off ',' Review Link "and" PLS Account A42660861. All spear phishing emails that were submitted in July had the same sender. The timing of the attack in July is remarkable, because on July 8 wrote poetry namely the vulnerability in Adobe Flash Player version 18.0.0.194 and earlier on an emergency patch . In the warning, the FBI also recorded several IP addresses and domains that were used by the attackers and can help detect a possible attack.

No comments:

Post a Comment