Adobe Hack Worsens
The Adobe Flash problem is far from over. It is now being reported that hackers are working to break into federal agencies using the recently patched Flash vulnerability.
Adobe released an emergency update last week to fix a critical flaw in its Flash Player browser plugin. The vulnerability is being actively exploited in the wild via limited, targeted attacks. Users of Internet Explorer for Windows 7, Firefox and Windows XP are vulnerable.
The FBI issued a warning in a memo:
“The FBI has received information regarding a likely ongoing phishing campaign that started 08 July 2015 and was observed targeting U.S. government agencies. This campaign is similar to a June campaign launched by similar malicious actors. In both campaigns, the e-mails contain a link that exploits Adobe Flash vulnerability CVE-2015-5119.”
This Adobe flaw, and two previous ones, were made public after Hacking Team was itself hacked. The Italian company made a name for itself helping governments and intelligence agencies spy on people. But now the tables have been turned, as the team's private documents have been exposed online. The recent Adobe Flash flaw was part of that hack.
As part of the attack, hackers sent a tweet from Hacking Team's Twitter account that offered a link to 400 GB of the company's source code, e-mails and internal files. Adobe so far has been the biggest victim.
Adobe said successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system. Adobe said an exploit targeting this vulnerability has been published publicly.
There is little doubt that cybercriminals have already got their evil little hands on this latest flaw and will integrate it in their exploit kits with much haste. This is one of the fastest documented cases of an immediate weaponization in the wild, possibly thanks to the detailed instructions left by Hacking Team themselves.