Adobe Systems today issued an emergency security update for Flash Player following the discovery of a critical vulnerability that attackers were actively exploiting in a Nov. 29 phishing operation targeting a Russian state health care institution.
The zero-day arbitrary code execution exploit was specifically employed against Moscow-based "Polyclinic No. 2" of the Administrative Directorate of the President of the Russian Federation, according to separate reports from researchers at Gigamon and Qihoo 360 Core Security. The latter group is referring to the scam as Operation Poison Needles.
The phishing emails incorporated an attached Russian-language document called "22.docx" that was originally submitted to VirusTotal from a Ukrainian IP address. The document appears to be an employment application and questionnaire form for the state-run clinic; however, the file contains a RAR compressed package housing the Flash exploit. Upon activation, the exploit allows the attackers to execute code that gets them command-line access to the infected system. From there, they would be able to introduce a malicious backdoor payload.
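A defender's first question about a lure like this is how to spot a Word document that carries an archive or Flash object it has no business containing. The following is an added example, not code from the article or from the Gigamon or Qihoo 360 researchers: it treats a .docx as the ZIP container it is, walks every member, and flags any member that begins with a Flash (SWF) header or contains a RAR archive signature anywhere in its bytes. The report does not say exactly how the RAR package was embedded, so the scanner assumes either a raw member or an archive wrapped inside another part; the sample document it builds is a constructed fixture with a bare RAR header, not real malware.

```python
import io
import zipfile

# Well-known public file-format signatures.
RAR4_MAGIC = b"Rar!\x1a\x07\x00"          # RAR 1.5 - 4.x archives
RAR5_MAGIC = b"Rar!\x1a\x07\x01\x00"      # RAR 5.x archives
SWF_MAGICS = (b"FWS", b"CWS", b"ZWS")     # uncompressed / zlib / LZMA Flash


def scan_ooxml(data: bytes) -> list:
    """Scan an OOXML (.docx/.xlsx/.pptx) container for embedded RAR or SWF content.

    Returns a list of (member_name, description) tuples. Legitimate OOXML
    members are XML parts and media files; a RAR archive or a Flash object
    inside the container is worth quarantining and inspecting by hand.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as member:
                content = member.read()

            # Flash objects announce themselves in the first three bytes.
            if content[:3] in SWF_MAGICS:
                findings.append((info.filename, "embedded Flash (SWF) object"))

            # A RAR signature may sit at offset 0 (raw member) or deeper
            # inside a wrapper stream, so search the whole member.
            for magic in (RAR4_MAGIC, RAR5_MAGIC):
                offset = content.find(magic)
                if offset != -1:
                    findings.append(
                        (info.filename, f"embedded RAR archive at offset {offset}")
                    )
                    break
    return findings


def build_sample_docx(embed: bytes, member_name: str) -> bytes:
    """Construct a minimal docx-like ZIP carrying one extra member (test fixture).

    The fixture is assumed-for-illustration; a real .docx has many more parts,
    but the scanner only cares that the file is a ZIP with named members.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr(member_name, embed)
    return buf.getvalue()


if __name__ == "__main__":
    benign = build_sample_docx(b"<xml/>", "word/media/image1.xml")
    print("benign:", scan_ooxml(benign))

    # Constructed sample: a bare RAR header padded with zeros, wrapped in a
    # hypothetical OLE-style member name. No real archive data is included.
    suspicious = build_sample_docx(
        b"\x00" * 8 + RAR4_MAGIC + b"\x00" * 32, "word/embeddings/oleObject1.bin"
    )
    print("suspicious:", scan_ooxml(suspicious))
```

Run it over a mail-gateway quarantine directory by reading each attachment into `scan_ooxml`; any non-empty result is a candidate for sandbox detonation rather than delivery. Pairing this with a policy that strips or blocks SWF and archive content in Office attachments removes the delivery vector for the kind of document described above regardless of which Flash bug is inside.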