Researchers from antivirus provider Trend Micro said in a blog post published on Tuesday that the attackers behind Pawn Storm are using a new Adobe Flash zero-day exploit in their latest campaign. Trend Micro has been monitoring the campaign for some time. Several ministries of foreign affairs have been attacked using the exploit, which is delivered through phishing emails. Those emails contain links to websites hosting the exploit, so when a user with Flash installed clicks on the link, the malware is installed on their computer. The phishing mails have subjects such as “Suicide vehicle bomb targets North Atlantic Treaty Organisation troop convoy Kabul”, “Syrian troops make gains as Putin defends airstrikes”, “Israel launches airstrikes on targets in Gaza”, “Russia warns of response to reported USA nuke buildup in Turkey, Europe” and “US military reports 75 US-trained rebels return Syria”.
“Foreign affairs ministries have become a particular focus of interest for Pawn Storm recently,” added the firm.
Besides malware attacks, fake Outlook Web Access (OWA) servers were also set up for various ministries and are used for simple but very effective credential phishing attacks. Trend Micro suggests that one ministry found that its DNS settings for incoming email had been compromised as a result.
The updates for CVE-2015-5569 through CVE-2015-7644 are all listed as critical, and most of the vulnerabilities could lead to code execution.
All the patches are deemed “critical” because they could allow a remote attacker to take control of a system.
What’s worse, although Adobe has already released a new version of Flash Player that is supposed to fix a number of security vulnerabilities, the zero-days used in this new campaign are said to remain unpatched, which means that the only way to stay secure for the moment is to avoid clicking links that come from unknown sources.
Adobe fixed the Hacking Team bugs in a large patch last month, but as this current patching cycle illustrates, researchers continue to find vulnerabilities in Flash by the dozens.
Adobe released a further 13 fixes for Flash Player for Windows, Mac, Chrome OS and Linux.