Breach, Data Security, Malware, Vulnerability Management

APT28 uses leaked Hacking Team exploits in custom EK

ESET researchers have discovered that exploits, exposed in the recent Hacking Team leak, are now being used by an attack group, known as "APT28" or "Sednit." 

As of Wednesday, an Adobe Flash exploit uncovered in the leak was packaged in APT28's custom exploit kit so that attackers could deliver a “first-stage backdoor” to victims, a Friday blog post said. The malware, however, also contained a Windows escalation privilege exploit also made public via the Hacking Team incident.

Upon successful exploitation of the Windows bug, the malware “sets it persistence” on targeted machines, ESET explained.

“Hence, the Hacking Team leak provides a complete exploitation chain, starting from a Flash exploit for the compromise, to a Windows escalation privilege exploit allowing the payload execution with elevated privileges,” the blog said.

While Adobe quickly patched the Flash Player vulnerability (CVE-2015-5119) on Wednesday, there is still no patch for the Windows zero-day.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.