Russian Hackers running Cyberspying Campaign

Researchers at the FireEye, announced that they have detected the exploitation of zero-day Flash vulnerabilities and Microsoft Windows flaw in a Russian espionage campaign in order to spy on  American defense contractors, NATO official and others.

The cyber campaign started since April 13. The campaign includes the zero-day flaws as CVE-2015-3043 for Adobe, and CVE-2015-1701 for Microsoft. These malicious flaws are triggered when a victim clicks on a link to a website that is controlled by attackers.

CVE-2015-1701enables an attacker to fetch data from the System process by running code through the kernel. It enables him to modify their stolen system tokens to have the same privileges as the System process.

FireEye announced on April18, “While there is not yet a patch available for the Windows vulnerability, updating Adobe Flash to the latest version will render this in-the-wild exploit innocuous. We have only seen CVE-2015-1701 in use in conjunction with the Adobe Flash exploit for CVE-2015-3043.”

Microsoft is working on a fix for the vulnerability, which does not affect Windows 8 or later.

According to FireEye “Through correlation of technical indicators and command and control infrastructure, FireEye assesses that APT28 is probably responsible for this activity.”

According to security firm, “skilled” Russian developers and operators can be linked to APT28 through a government sponsor in Moscow. Spear phishing campaigns, which deliver surveillance-based malware payloads to machines, are used to target victims likely to have intelligence useful to the Russian government.

FireEye has given details in its released a report in October, about the activities of APT28, a Russian hacking group which has been in operation since 2007. The researchers suspect that the threat actors are likely to focus on targeting US defense and military contractors, NATO officials and others with particular interest to the Kremlin such as the Republic of Georgia and European security firms.

Ehacking Staff
With more than 50 global partners, we are proud to count the world’s leading cybersecurity training provider. EH Academy is the brainchild of Ehacking, which has been involved in the field of training since the past Five years and continues to help in creating professional IT experts.

Most Popular

What Makes ICS/OT Infrastructure Vulnerable?

Infrastructure security for operational technologies (OT) and industrial control systems (ICS) varies from IT security in several ways, with the inverse confidentiality, integrity, and...

Everything You Must Know About IT/OT Convergence

What is an Operational Technology (OT)? Operational technology (OT) is a technology that primarily monitors and controls physical operations. It can automate and control machines,...

Understand the OT Security and Its Importance

This article discusses OT security and why it is essential for protecting industrial systems from cyberattacks. We will also discuss common control objectives that can...

What is Deepfake, and how does it Affect Cybersecurity?

Producing deepfake is easy. It is hard to detect. They operate with a description of reality rather than reality itself (e.g., a video). Any...