Delaware, USA – February 2, 2018 – Two days ago, the South Korean CERT reported a zero-day vulnerability in Flash Player that had been exploited by North Korean hackers for more than two months. Adobe has promised to release updates only on Monday, February 5. The list of vulnerable products can be found at:
Vulnerability CVE-2018-4878 allows adversaries to execute code remotely on targeted systems. To perform this attack, they can use MS Word files containing malicious Flash code, SWF files, or web pages with Flash objects. Until the update is released, Adobe recommends enabling the Protected View feature for Office to prevent automatic code execution if someone in your organization opens a malicious document.
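Because the delivery vector described above is an Office document carrying Flash content, a defender can triage incoming .docx files for embedded Flash before users open them. The script below is an added example written for this article, not code from Adobe, KR-CERT or the vendor behind the APT Framework use case. It walks the OOXML zip container and flags three indicators: a part that begins with an SWF file signature (FWS, CWS or ZWS), an ActiveX part referencing the Shockwave Flash control CLSID, and a Flash MIME type declared in [Content_Types].xml. The `build_sample_docx` helper and its contents are constructed test fixtures, not real samples.

```python
import io
import zipfile

# File signatures of SWF files: uncompressed, zlib-compressed, LZMA-compressed.
SWF_MAGICS = (b"FWS", b"CWS", b"ZWS")
# CLSID of the Shockwave Flash ActiveX control as referenced in word/activeX/*.xml.
FLASH_CLSID = "D27CDB6E-AE6D-11CF-96B8-444553540000"
FLASH_MIME = b"application/x-shockwave-flash"


def scan_ooxml_for_flash(data: bytes) -> list:
    """Return a list of (part_name, reason) findings for an OOXML document.

    Each zip part is inspected for an SWF signature; XML parts are also
    searched for the Flash ActiveX CLSID, and [Content_Types].xml is checked
    for a declared Flash content type. An empty list means no Flash indicator.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            if name.endswith("/"):  # skip directory entries
                continue
            blob = zf.read(name)
            lower = name.lower()
            if blob[:3] in SWF_MAGICS:
                findings.append((name, "embedded SWF (%s header)" % blob[:3].decode()))
            if lower.endswith(".xml"):
                text = blob.decode("utf-8", "replace").lower()
                if FLASH_CLSID.lower() in text:
                    findings.append((name, "Shockwave Flash ActiveX CLSID"))
            if lower == "[content_types].xml" and FLASH_MIME in blob:
                findings.append((name, "Flash content type declared"))
    return findings


def build_sample_docx(with_flash: bool) -> bytes:
    """Constructed minimal docx-like zip used only to exercise the scanner."""
    content_types = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        '<Default Extension="xml" ContentType="application/xml"/>'
    )
    if with_flash:
        content_types += '<Default Extension="swf" ContentType="application/x-shockwave-flash"/>'
    content_types += "</Types>"

    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", content_types)
        zf.writestr("word/document.xml", "<w:document/>")
        if with_flash:
            # Constructed ActiveX part pointing at the Flash control.
            zf.writestr(
                "word/activeX/activeX1.xml",
                '<ax:ocx ax:classid="{D27CDB6E-AE6D-11CF-96B8-444553540000}"/>',
            )
            # Constructed SWF stub: signature, version byte, 4-byte length, padding.
            swf_stub = b"FWS\x08" + (24).to_bytes(4, "little") + b"\x00" * 16
            zf.writestr("word/embeddings/oleObject1.bin", swf_stub)
    return buf.getvalue()


if __name__ == "__main__":
    for label, flag in (("clean", False), ("with flash", True)):
        result = scan_ooxml_for_flash(build_sample_docx(flag))
        print(label, "->", result if result else "no Flash indicators")
```

A finding is a reason to quarantine the file for analysis rather than proof of exploitation; legitimate documents occasionally embed Flash, so the check belongs in mail-gateway or endpoint triage alongside Protected View, not in place of it.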
Hackers from North Korea conduct operations around the world, so it is likely that this vulnerability has already been used in other attacks, not only against South Korean researchers. Exploiting a zero-day vulnerability allows adversaries to penetrate corporate networks while bypassing security solutions. Traces of such attacks and suspicious activity can be detected with a SIEM tool; the APT Framework use case helps uncover questionable connections and the operation of various APT threats.