Flash Vulnerability Gave Chinese Hackers Free Access to Networks
The Chinese hacker group APT3 is known in the security industry for its previous, large-scale attacks. The group’s last big campaign, dubbed Operation Clandestine Fox, was a smashing success that relied on something most people visiting this website will find absurd: people using Internet Explorer.
As of that time, as much as 25% of people on the Internet were still using the notoriously insecure browser. Indeed, large organizations still use Internet Explorer, and these are the kinds of targets that APT3 goes after. Now, in a potentially much bigger attack called “Operation Clandestine Wolf,” APT3 has found a vulnerability in Adobe Flash Player which gives it essentially unlimited access via a simple link embedded in a spear phishing e-mail. Such a link is structured as follows: hxxp://<subdomain>.<legitdomain>.<TLD>/<directory>/<alphanumericID>.html
Ultimately, a carefully layered and packaged GIF file would be executed, and once it had sneaked past the defenses, the malware inside it would be unpacked and run. After this point, lots of digital jiu-jitsu would take place, all with the purpose of gaining full access to the network. The attack is being taken very seriously because of the industries the phishing attacks seem to have targeted: aerospace, defense, telecommunications, and transportation, among others. All of these industries play a vital role in the national defense of any country, and the United States is no exception.
Adobe Has Patched the Vulnerability
Adobe released a patch for Flash Player that closed the vulnerability within days of learning of it. This does not necessarily mean that those who have installed the patch were not already infected. An ongoing attack could be taking place at various organizations in very important industries, with intellectual property and sensitive communications being retrieved wholesale by the group.
That includes credentials that remain valid in other areas of those industries. All organizations which allow the use of Flash Player on their network are advised both to update Flash Player and to run as many diagnostics as possible on the network, specifically looking for evidence of unauthorized access.
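One concrete diagnostic that follows from the link structure quoted above is a triage pass over web proxy logs, flagging requests whose host and path match that shape so an analyst can review them. The script below is an added example, not code from the article or from any vendor; the log format (timestamp, client IP, URL) and the sample lines are constructed, and the extra constraints on the ID (at least eight characters, mixed letters and digits) are this example's own assumptions to keep ordinary pages such as /about/index.html from matching. The pattern is deliberately broad, so treat hits as leads for review, not as confirmed compromise.

```python
import re
from urllib.parse import urlparse

# Heuristic for the link shape described in the article:
#   hxxp://<subdomain>.<legitdomain>.<TLD>/<directory>/<alphanumericID>.html
# ID constraints (length >= 8, both letters and digits) are an assumption of
# this example, not something the article specifies.
ID_RE = re.compile(r"^(?=.*[A-Za-z])(?=.*\d)[A-Za-z0-9]{8,}$")

def matches_link_shape(url: str) -> bool:
    """Return True when the URL has the host/path shape described above."""
    parsed = urlparse(url)
    # Accept defanged schemes too, so pasted indicators from reports also work.
    if parsed.scheme not in ("http", "https", "hxxp", "hxxps") or not parsed.hostname:
        return False
    labels = parsed.hostname.split(".")
    if len(labels) < 3 or any(not lbl for lbl in labels):  # subdomain.domain.tld
        return False
    parts = parsed.path.split("/")                        # '', directory, file
    if len(parts) != 3 or not parts[1] or not parts[2].lower().endswith(".html"):
        return False
    return bool(ID_RE.match(parts[2][:-5]))               # strip ".html"

def triage_proxy_log(log_text: str) -> list:
    """Return (timestamp, client, url) tuples for lines worth a closer look."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue                                      # skip malformed lines
        ts, client, url = fields
        if matches_link_shape(url):
            hits.append((ts, client, url))
    return hits

# Constructed sample proxy log lines; hosts and addresses are made up.
SAMPLE_LOG = """\
2015-06-23T09:12:01Z 10.0.4.17 http://cdn.example-news.com/assets/a8f3k2m9q1.html
2015-06-23T09:12:05Z 10.0.4.17 http://www.example.com/about/index.html
2015-06-23T09:13:40Z 10.0.7.22 http://mail.example.org/inbox
2015-06-23T09:15:02Z 10.0.9.3 http://static.example.net/js/app.js
"""

if __name__ == "__main__":
    for ts, client, url in triage_proxy_log(SAMPLE_LOG):
        print(f"{ts} {client} -> {url}")
```

Any hit should be cross-checked against the Flash Player version on the requesting host and the follow-on traffic from that client, since the URL shape alone is also used by plenty of legitimate sites.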
It seems that several times per year Flash Player is turned into an open gate for hackers with a bad agenda. With the introduction of HTML5, Flash became largely unnecessary, but it has not yet reached the point where a user can have a seamless web experience without it. However, organizations which do not directly require Flash Player are encouraged to move away from it altogether. The same goes for all unneeded software, as a general security principle.