Russian Hackers running Cyberspying Campaign

Researchers at the FireEye, announced that they have detected the exploitation of zero-day Flash vulnerabilities and Microsoft Windows flaw in a Russian espionage campaign in order to spy on  American defense contractors, NATO official and others.

The cyber campaign started since April 13. The campaign includes the zero-day flaws as CVE-2015-3043 for Adobe, and CVE-2015-1701 for Microsoft. These malicious flaws are triggered when a victim clicks on a link to a website that is controlled by attackers.

CVE-2015-1701enables an attacker to fetch data from the System process by running code through the kernel. It enables him to modify their stolen system tokens to have the same privileges as the System process.

FireEye announced on April18, “While there is not yet a patch available for the Windows vulnerability, updating Adobe Flash to the latest version will render this in-the-wild exploit innocuous. We have only seen CVE-2015-1701 in use in conjunction with the Adobe Flash exploit for CVE-2015-3043.”

Microsoft is working on a fix for the vulnerability, which does not affect Windows 8 or later.

According to FireEye “Through correlation of technical indicators and command and control infrastructure, FireEye assesses that APT28 is probably responsible for this activity.”

According to security firm, “skilled” Russian developers and operators can be linked to APT28 through a government sponsor in Moscow. Spear phishing campaigns, which deliver surveillance-based malware payloads to machines, are used to target victims likely to have intelligence useful to the Russian government.

FireEye has given details in its released a report in October, about the activities of APT28, a Russian hacking group which has been in operation since 2007. The researchers suspect that the threat actors are likely to focus on targeting US defense and military contractors, NATO officials and others with particular interest to the Kremlin such as the Republic of Georgia and European security firms.

Ehacking Staff
With more than 50 global partners, we are proud to count the world’s leading cybersecurity training provider. EH Academy is the brainchild of Ehacking, which has been involved in the field of training since the past Five years and continues to help in creating professional IT experts.

Most Popular

How To Create A Virtual Penetration Testing Lab At Home

In this article, I will demonstrate how to create your own virtual penetration testing lab at home. Creating a pentesting lab is must for...

The Importance of Cyber Security in The Medical Device Industry

Medical devices are a revolutionary aspect of healthcare - they connect doctors and patients, help diagnose and treat diseases. Some - like ECMO machines...

Top 5 Techniques Hackers Use to hack Social Media Accounts

These days, Social Media have become a significant need in our everyday life. It encourages us to associate and connect with anyone over the...

5 Top Programming Languages for Hacking

We live in the 21st century, which is very fast-changing. This is a century of competition for information and computing resources. Every year the...