Adobe 0-days used for IEEE aerospace spearphishing attacks

Attackers using the zero day Adobe Flash flaws patched last week delivered the exploits with a spearphishing email aimed at the aerospace sector, according to security researchers.

Security firm AlienVault on Friday published details confirming the exploits underpinned a targeted campaign against US aerospace companies and industry.

Adobe’s patch last Friday fixed one zero day being exploited with malicious embedded Flash content in Microsoft Office documents for Windows that were delivered as emailed attachments.

According to Jaime Blasco, director of Alienvault Labs, one of the Office attachments that carried the Flash exploit was a 2013 Institute of Electrical and Electronics Engineers (IEEE) Aerospace Conference schedule.

2013 IEEE Aerospace Conference schedule. Image credit: AlienVault.

Another attack document used an “Employee Quick Reference Guide” made to appear to come from the US payments processing giant Automatic Data Processing (ADP), a company with 600,000 clients, including multinationals such as Alcoa.

The other zero-day exploit targeted Macs via a malicious Flash (SWF) file hosted on websites, which exploited Flash in Firefox or Safari. Adobe credited the CERT of aerospace giant Lockheed Martin for discovering that exploit, giving some indication of the calibre of target the hackers were seeking.

Security firm FireEye first detected the exploit on February 5, 2013 and notes in its analysis that the codepage of the Word files used in the attacks is “Windows Simplified Chinese (PRC, Singapore).”

The executables were signed with a fake certificate from South Korean gaming company MGAME, which was also used to sign the PlugX remote access tool (RAT) in past attacks on NGOs, according to AlienVault.

The malware had two oddities. One was a coding reference to “Lady Boyle”, a character in the adventure game “Dishonored”. The other was that the authors failed to obfuscate the malicious Flash file, leaving it open to detection by generic antivirus signatures.

“It is odd and sloppy for a threat attempting industrial espionage,” FireEye researchers Josh Gomez, Thoufique Haq, and Yichong Lin noted.

Stories by Liam Tung