A hacker cartel is using a mysterious Flash vulnerability to steal sensitive business data

[printfriendly]

Hackers are using a mysterious, as yet undiscovered, Flash vulnerability, to steal sensetive business data from Macbook and Windows users, according to researchers at Kaspersky Lab.

Kaspersky Lab revealed the campaign in a threat advisory, warning a hacker group, known as Wild Neutron is using the “unknown Flash Player exploit” to infect companies and private web users with a data siphoning malware.

“The initial infection vector from the 2014-2015 attacks is still unknown, although there are clear indications that the victims are exploited by a kit that leverages an unknown Flash Player exploit,” read the advisory.

The attacks have reportedly targeted businesses involved in law, the Bitcoin cryptocurrency, investment, IT, healthcare, and real estate.

Known targets have been detected in France, Russia, Switzerland, Germany, Austria, Palestine, Slovenia, Kazakhstan, UAE, Algeria, and the United States.

Kaspersky Lab director of global research and analysis team Costin Raiu said Wild Neutron’s wide range of targets is atypical and indicates the attackers are significantly more advanced than most cyber crime groups.

“The group’s targeting of major IT companies, spyware developers (FlexiSPY), jihadist forums (the ‘Ansar Al-Mujahideen English Forum’) and Bitcoin companies indicate a flexible yet unusual mindset and interests,” he said.

The Kaspersky researchers said the sophisticated, multi-platform malware used grants the attackers a variety of power over the infected systems.

These include the ability to shred files, download data, install malware, manipulate computer processes, and collect and send system information to the hackers.

To make things worse, the hackers are reportedly dodging many businesses’ security tools using a code signing certificate stolen from Taiwanese electronics maker Acer.

Certificates act as a signature software packages assuring security products and systems code is safe to install.

It is currently unknown where Wild Neutron is based, though the Kaspersky researchers believe they are the same team responsible for a wave of attacks targeting Apple, Facebook, Twitter and Microsoft in 2013. Kaspersky’s Raiu said the group has been active since at least 2011.

“Wild Neutron is a skilled and quite versatile group. Active since 2011, it has been using at least one zero-day exploit, custom malware and tools for Windows and OS X,” he said.

“Even though in the past it has attacked some of the most prominent companies in the world, it has managed to keep a relatively low profile via solid operational security which has so far eluded most attribution efforts.”

The use of a mysterious, as yet unidentified, flaw is one of many vulnerabilities recently uncovered in Adobe Flash.

In the past fortnight a wave of vulnerabilities have been uncovered in Adobe Flash. Researchers at Trend Micro uncovered a Flash flaw being used by hackers to run an online blackmail scam earlier today.

Targeted attack specialist FireEye reported uncovering another Flash flaw being exploited by a group of hackers known as “Clandestine Fox” in June.

Source: Business Insider

Leave a Reply