Russian Hackers Used Flash Vulnerability Against Foreign Governments

Security firm FireEye recently published a blog post detailing the use of two zero-day vulnerabilities against foreign government targets. According to FireEye, the attackers are most likely a state-sponsored group from Russia. The security firm first detected a pattern of attacks on April 13th, 2015, shortly after news broke that Russian hackers had breached White House security. These new attacks took advantage of previously unknown vulnerabilities in Windows and (unsurprisingly) Adobe Flash Player.

Operation RussianDoll

“Operation RussianDoll,” as it has been dubbed by FireEye, is a highly sophisticated and targeted attack. As long as the target is running Windows and has Adobe Flash Player installed, he or she simply needs to click on a malicious link. The link takes the victim to the attacker’s website where the Flash exploit is served. From there, the website can download and run malicious code on the victim’s computer.

FireEye has declined to offer specific details about the victim organizations, simply referring to the target as a “specific foreign government,” which may be the United States. The attacks are similar to those previously seen from APT 28, the group FireEye recently exposed, further suggesting U.S. targets.

Fortunately, Adobe released a patch for the Flash vulnerability last Tuesday, and Microsoft is working on a fix. However, this incident may serve as yet another reminder of Flash’s numerous security issues and why more and more websites are ditching Flash for HTML5.

“To protect yourself you need to be agile, adaptive and resilient. You can’t just sit back and protect yourself from the attack that happened last week. You need to be prepared for the attack that’s coming next week, which may use new techniques, exploits, technologies, approaches, etc.”

“Adaptive organizations will deal with this threat as a normal course of business, quickly identify any potential breaches, and respond in minutes (not days, or months), returning their organization back to a normal operating cadence. Sound like your organization? If it’s not, you have some work to do.”



I've always been interested in the latest stuff in science and technology, and I'm currently a freshman undergraduate electrical engineering student at the University of Texas at Austin.