CIP Cyber

Russian Hackers running Cyberspying Campaign

Table of Contents

Researchers at the FireEye, announced that they have detected the exploitation of zero-day Flash vulnerabilities and Microsoft Windows flaw in a Russian espionage campaign in order to spy on  American defense contractors, NATO official and others.

The cyber campaign started since April 13. The campaign includes the zero-day flaws as CVE-2015-3043 for Adobe, and CVE-2015-1701 for Microsoft. These malicious flaws are triggered when a victim clicks on a link to a website that is controlled by attackers.

CVE-2015-1701enables an attacker to fetch data from the System process by running code through the kernel. It enables him to modify their stolen system tokens to have the same privileges as the System process.

FireEye announced on April18, “While there is not yet a patch available for the Windows vulnerability, updating Adobe Flash to the latest version will render this in-the-wild exploit innocuous. We have only seen CVE-2015-1701 in use in conjunction with the Adobe Flash exploit for CVE-2015-3043.”

Microsoft is working on a fix for the vulnerability, which does not affect Windows 8 or later.

According to FireEye “Through correlation of technical indicators and command and control infrastructure, FireEye assesses that APT28 is probably responsible for this activity.”

According to security firm, “skilled” Russian developers and operators can be linked to APT28 through a government sponsor in Moscow. Spear phishing campaigns, which deliver surveillance-based malware payloads to machines, are used to target victims likely to have intelligence useful to the Russian government.

FireEye has given details in its released a report in October, about the activities of APT28, a Russian hacking group which has been in operation since 2007. The researchers suspect that the threat actors are likely to focus on targeting US defense and military contractors, NATO officials and others with particular interest to the Kremlin such as the Republic of Georgia and European security firms.

CIP Cyber Staff

CIP Cyber Staff

CIP Cyber Staff comprises CIP cybersecurity experts committed to delivering comprehensive information on critical infrastructure protection. The content covers diverse topics, equipping professionals to defend organizations and communities in an ever-evolving cyber landscape.

Most popular

Industrial Cybersecurity

Want always be up to date?

Don't miss the latest news

By subscribing to our mailing list, you will be enrolled to receive our new trainings, latest blog posts, product news, and more.

CIP Training & Certifications

Transform your cybersecurity skills with CIP Cyber’s comprehensive training & course offerings

Related Articles

5 Key Vulnerabilities in Global Payroll

The cyber threat against payroll is growing in sophistication and frequency, according to the latest FBI cybercrime report. Many of these attacks exploit fixable vulnerabilities

Sunset: Dusk VM walkthrough

Sunset: dusk is a vulnerable by design Debian based machine created by whitecrOwz. It is available on https://www.vulnhub.com This machine is ranked as a beginner

Want always be up to date?

Don't miss the latest news

By subscribing to our mailing list, you will be enrolled to receive our new trainings, latest blog posts, product news, and more.

CIP Training & Certifications

Transform your cybersecurity skills with CIP Cyber’s comprehensive training & course offerings