• Russian Hackers Expose ‘Critical Vulnerability’ In Adobe Flash Player

    The Russian hacker group Pawn Storm is using a vulnerability in Adobe Flash Player to install malware on targeted users’ computers, Trend Micro researchers reported Tuesday.

    Pawn Storm “is the most significant cyber-espionage threat to the U.S. government and her NATO partners,” Trend Micro’s chief cybersecurity officer, Tom Kellermann, said in an email to The Daily Caller News Foundation. (RELATED: Pentagon Computers Were Hacked Again)

    Adobe sent out a security advisory bulletin Wednesday warning of a “critical vulnerability” in a recent edition of Adobe Flash Player that affected Windows, Linux, and Macintosh platforms. If hackers successfully exploit the program, the bulletin warned they could cause a “crash and potentially allow an attacker to take control of the affected system.”

    Pawn Storm used the Adobe exploit to target the foreign affairs ministries of various countries, Trend Micro reported. To breach their security, the hackers would send spear phishing-emails that appeared to be legitimate and included links apparently leading to information about geopolitical events. (RELATED: Russia-Based Hackers Attempted To Hack Clinton Email Server)

    Those attacks were on foreign officials, but Trend Micro notes the URLs used are similar to those used in April attacks on the North Atlantic Treaty Organization and the White House.

    Adobe is expected to release a fix for the vulnerability next week.

    Pawn Storm tends to favor this type of “elegant” spear-phishing attack, Kellermann told TheDCNF, which is uniquely deliberate. Russian cyber hackers are “very selective” in who they target, he said. “So far, hundreds have been impacted.”

    Kellermann identified civilian government agencies, the Department of Defense and NATO as three potentially high value targets if Russian hackers want to target the U.S.

    Spear phishing is a targeted email that appears to be from an individual or business that seems familiar, but is actually from someone attempting to gain unauthorized access to your computer. They might be personalized, or reference a mutual friend or recent online purchase you’ve made.

    “Suicide car bomb targets NATO troop convoy Kabul,” one line of the lines hackers used in the more recent Adobe attacks read. “Syrian troops make gains as Putin defends air strikes,” read another. If the foreign official opened the email and clicked on the link, the Flash Player vulnerability would allow the hacker to takeover the system.

    Follow Steve Ambrose on Twitter

    Content created by The Daily Caller News Foundation is available without charge to any eligible news publisher that can provide a large audience. For licensing opportunities of our original content, please contact [email protected]

    Content created by The Daily Caller News Foundation is available without charge to any eligible news publisher that can provide a large audience. For licensing opportunities of our original content, please contact [email protected]

    Powered by WPeMatico


    Surge Wire

    Breaking news and analysis from around the globe courtesy of Daily Surge.

    Trending Now on Daily Surge

    Send this to a friend