Trend Micro finds Flash exploit utilized by Russian hackers in Pawn Storm attacks


An exploit targeting recent versions of Adobe Flash Player has been linked to recent cyber-attacks carried out by Russian hacker group Pawn Storm.

The group has become infamous for its high-profile attacks on targets like the German Parliament and French television network TV5Monde. The group is now targeting a global array of foreign affairs ministries, according to a report on Trend Micro's security intelligence blog.

Pawn Storm is using methodology similar to that employed in cyber-attacks against the White House and NATO earlier in the year. The technique is known as spear phishing, which differs from standard phishing practices in that it targets specific individuals rather than broad swathes of users.

Emails with subject headings like ‘Syrian troops make gains as Putin defends air strikes’ and ‘Israel launches airstrikes on targets in Gaza’ were sent to targets, with links that purportedly led to more information. These URLs would in fact lead to a page set up to deliver the Flash Player exploit.

It’s also thought that the group set up fake Outlook Web Access servers for several ministries that were targeted, which led to some credentials being stolen. Trend Micro suggests that one ministry found that its DNS settings for incoming email had been compromised as a result.

It’s worrying to see that a hacker group like Pawn Storm — also referred to as the Sofacy group and APT28 — is able to target ministries around the world with such success. However, it’s not surprising to see the organization’s reach, given the broadly held belief that the outfit maintains strong ties with the Russian government.

Trend Micro has shared its findings with Adobe, and at present the two companies are working on a fix for the flaw the exploit relies on and on ensuring that similar breaches don’t happen again in the future.