Russian hackers exploit vulnerabilities in Flash, Windows, to spy on gov't officials
Researchers at the FireEye security company have issued a report stating that Russian hackers took advantage of vulnerabilities in Adobe Flash and Windows to conduct surveillance on military contractors, diplomats, and other targets.
FireEye identifies the hackers as members of APT 28, an "advanced persistent threat" believed to have been active since at least 2007, and outed in October. It reached this conclusion via "correlation of technical indicators and command and control infrastructure" between APT 28's efforts and these latest exploits.
The company previously said that APT 28 can be linked to a government sponsor based in Moscow. Its targets include European security organizations, NATO officials, the Republic of Georgia, and other Russian interest groups.
This is the second government-sponsored espionage attempt revealed by FireEye in the last week. The first tracked a group dubbed APT 30, which is suspected of having ties to the Chinese government. As I previously wrote:
The group’s targets possess 'information that most likely serves the Chinese government’s needs for intelligence about key Southeast Asian regional political, economic, and military issues, disputed territories, and discussions related to the legitimacy of the Chinese Communist Party,' FireEye claims.
Yet the company is careful to note that it’s hard to attribute such campaigns. 'There’s no smoking gun that shows this is a Chinese government operation, but all signs point to China,' FireEye’s Bryce Boland told TechCrunch. 'There’s huge intellectual property development in Asia — that’s the new battleground.'
FireEye has not yet revealed APT 28's latest targets to the public. It said in a blog post that the attacks were first noticed on April 13. Its initial report on APT 28 was published in October 2014.
Adobe has reportedly fixed the vulnerability that allowed the hackers to exploit its Flash tool (yes, that's still a thing) in their attacks. Microsoft is said to know of the problem and is reportedly planning a fix to the Windows vulnerability.
[illustration by Brad Jonas]