Kaspersky: We know the hackers behind latest Flash 0-day

Adobe on Tuesday reported that a previously undisclosed flaw in Flash Player is under attack. Russian security firm Kaspersky says it knows the group behind the attacks and advises using Microsoft’s security tool EMET.

Adobe said the Flash Player flaw CVE-2016-4171 had been used in “limited, targeted attacks”, implying a possibly state-backed cyber-espionage group was using the flaw to infect machines with malware. Adobe intends to release a patch as early as Thursday, it said on Tuesday.

Kaspersky Lab has now shed some light on the hacking crew behind the latest attacks on Flash Player, a group the Russian company’s researchers call “ScarCruft”, which hit its radar in March.

“The group has several ongoing operations utilizing multiple exploits — two for Adobe Flash and one for Microsoft Internet Explorer,” the firm said.

Kaspersky hasn’t provided technical details about the exploit, but noted the attackers have targeted victims in Russia, Nepal, South Korea, China, India, Kuwait, and Romania.

One of the campaigns focuses on “high profile” targets, while the other selects a website to compromise based on the profile of the visitor, known as a ‘watering hole’ attack.

Kaspersky dubbed the operations “Daybreak” and “Erebus”.

“The first of them, Operation Daybreak, appears to have been launched by ScarCruft in March 2016 and employs a previously unknown (0-day) Adobe Flash Player exploit, focusing on high profile victims,” the firm reported.

“The other one, “Operation Erebus” employs an older exploit, for CVE-2016-4117 and leverages watering holes. It is also possible that the group deployed another zero day exploit, CVE-2016-0147, which was patched in April.”

Kaspersky noted that Microsoft’s Enhanced Mitigation Experience Toolkit “is effective at mitigating the attacks”.

The other option for consumers until Adobe releases a patch is to disable Flash Player in Internet Explorer, Firefox, or Chrome. For recent zero-day flaws affecting Flash Player, Apple has disabled Flash Player until Adobe has released a patch.


Stories by Liam Tung
