A RUSSIAN HACKER GROUP has been taking advantage of vulnerabilities in popular Adobe and Microsoft software to gather government information, US security firm FireEye has claimed.
The company's latest report said that it detected a limited advanced persistent threat campaign targeting zero-day vulnerabilities in Adobe Flash and Microsoft Windows which started on 13 April.
FireEye said that the group's goal is to find information about government, military and security organisations which is "likely to benefit the Russian government".
Researchers using the security firm's Dynamic Threat Intelligence Cloud software detected the pattern of attacks through a "correlation of technical indicators and command and control infrastructure", and believe that APT28 is "probably responsible" for this activity.
Adobe has since patched the CVE-2015-3043 vulnerability in its APSB15-06 security bulletin.
Microsoft is aware of the outstanding local privilege escalation vulnerability in Windows, named CVE-2015-1701, but has not yet issued a patch.
FireEye said that updating Adobe Flash to the latest version will render the exploit harmless because it has seen CVE-2015-1701 in use only in conjunction with the Adobe Flash exploit for CVE-2015-3043.
The Flash exploit is served from unobfuscated HTML/JS. The launcher page picks one of two Flash files to deliver depending on the target's platform, for example Windows 32-bit or 64-bit.
"The payload exploits a local privilege escalation vulnerability in the Windows kernel if it detects that it is running with limited privileges," explained FireEye.
"It uses the vulnerability to run code from userspace in the context of the kernel, which modifies the attacker's process token to have the same privileges as that of the system process."
The APT28 attackers relied heavily on the existing CVE-2014-0515 Metasploit module to build these new exploits, FireEye said.
CVE-2014-0515 exploits a vulnerability in Flash's Shader processing, whereas CVE-2015-3043 exploits a vulnerability in Flash's FLV processing.
Users are advised to patch their Flash software as soon as possible to protect against the vulnerability.
A separate group, APT 30, was discovered and detailed by FireEye in a report which claimed that it has been spying on Asia Pacific countries' governments from as far back as 2004.
The security firm said that APT 30 takes a special interest in political developments in Southeast Asia and India, and is particularly active during Association of Southeast Asian Nations summits.
It also focuses on regional issues and territorial disputes between China, India and Southeast Asian countries.