Adobe released security updates Tuesday that address multiple vulnerabilities in Reader, Acrobat, and Flash Player, but it did not fix a Zero Day that is currently being exploited.
The Pawn Storm attacker group, which is suspected of using the Zero Day, targeted foreign affairs ministries around the globe in its most recent campaign.
Researchers said the group consists of Russian hackers. These latest attacks took the form of phishing emails that contained links to the Flash exploit.
“The emails and URLs were crafted to appear like they lead to information about current events,” said researchers at Trend Micro. The subject lines included news snippets about happenings in Syria, Gaza, Turkey, and Afghanistan.
“Foreign affairs ministries have become a particular focus of interest for Pawn Storm recently. Aside from malware attacks, fake Outlook Web Access (OWA) servers were also set up for various ministries. These are used for simple, but extremely effective, credential phishing attacks,” the researchers said in a blog post. “One Ministry of Foreign Affairs got its DNS settings for incoming mail compromised. This means that Pawn Storm has been intercepting incoming email to this organization for an extended period of time in 2015.”
The exploited vulnerability is present in Flash versions 220.127.116.11 and 18.104.22.168 (the latest), and Adobe is working on patching it as we speak.
It is a matter of time until the exploit begins to see action from other cyber attackers or ends up incorporated in an exploit kit.