The cyber campaign started since April 13. The campaign includes the zero-day flaws as CVE-2015-3043 for Adobe, and CVE-2015-1701 for Microsoft. These malicious flaws are triggered when a victim clicks on a link to a website that is controlled by attackers.
CVE-2015-1701enables an attacker to fetch data from the System process by running code through the kernel. It enables him to modify their stolen system tokens to have the same privileges as the System process.
FireEye announced on April18, “While there is not yet a patch available for the Windows vulnerability, updating Adobe Flash to the latest version will render this in-the-wild exploit innocuous. We have only seen CVE-2015-1701 in use in conjunction with the Adobe Flash exploit for CVE-2015-3043.”
Microsoft is working on a fix for the vulnerability, which does not affect Windows 8 or later.
According to FireEye “Through correlation of technical indicators and command and control infrastructure, FireEye assesses that APT28 is probably responsible for this activity.”
According to security firm, “skilled” Russian developers and operators can be linked to APT28 through a government sponsor in Moscow. Spear phishing campaigns, which deliver surveillance-based malware payloads to machines, are used to target victims likely to have intelligence useful to the Russian government.
FireEye has given details in its released a report in October, about the activities of APT28, a Russian hacking group which has been in operation since 2007. The researchers suspect that the threat actors are likely to focus on targeting US defense and military contractors, NATO officials and others with particular interest to the Kremlin such as the Republic of Georgia and European security firms.