Fancy Bear goes all out to beat Adobe, MSFT zero-day patches

It’s been go time for spear phishing as the window for Adobe and Windows zero-day exploits closes with recent patches. (credit: Wikipedia)

A Russia-based hacking group is seeking to maximize the value of its zero-day exploits before patches issued by Adobe (released on October 26) and Microsoft (released yesterday) become widely available. In a report issued today, researchers at Trend Micro noted that spear phishing activity—malicious e-mails sent to “various governments and embassies around the world”—had ramped up significantly after these exploits were announced.

The flaws, discovered last week by Google’s Threat Analysis Group, have been used in a long-running spear-phishing campaign against government, political, and military targets in the US and Europe. It’s all an apparent intelligence collection effort run by the group known variously as Pawn Storm, Fancy Bear, APT28, Sofacy, and Strontium. This is the same group blamed for the hack of the Democratic National Committee and the e-mail accounts of Hillary Clinton Campaign Chairman John Podesta, former Secretary of State Colin Powell, and other political figures in the US.

While Adobe patched the vulnerability (CVE-2016-7855) with an emergency update on October 26, the Microsoft vulnerability was not patched until November 8. That’s more than a week after Google announced the discovery of the exploit.

Read 5 remaining paragraphs | Comments