Incidents

Another Adobe Flash zero-day

Almost exactly one month ago we warned about a zero-day in Flash which was being exploited in targeted attacks. Back then, malicious SWF files were embedded inside Microsoft Excel files. Excel was used strictly as a delivery vehicle.

This month, it’s Microsoft Word’s turn. The malicious .doc referenced by Brian Krebs shares a lot of commonalities with the malicious Excel sheet from last month. So if they aren’t the same gang as before the attackers were at least inspired by this previous incident.

In contrast to last month, there’s no Poison Ivy backdoor installed in this case. This time the attack involves a Backdoor which some vendors refer to as Zolpiq, though most will be calling it something generic.

The way Zolpiq manifests itself on the system is a bit more stealthy than Poison Ivy. This may explain the shift away from the popular Poison Ivy kit. We added detection for this backdoor yesterday, as Trojan-Dropper.Win32.Small.hgt.

Overall, the same comments from last month still stand. If we want to more effectively fight these targeted attacks software vendors need to give us the option to disable features. I don’t want to view embedded Flash files in Word or Excel and neither should you. But other than uninstalling applications there isn’t a choice currently.

Another Adobe Flash zero-day

Your email address will not be published.

 

Reports

Andariel deploys DTrack and Maui ransomware

Earlier, the CISA published an alert related to a Stairwell report, “Maui Ransomware.” Our data should openly help solidify the attribution of the Maui ransomware incident to the Korean-speaking APT Andariel, also known as Silent Chollima and Stonefly.

APT trends report Q2 2022

This is our latest summary of advanced persistent threat (APT) activity, focusing on events that we observed during Q2 2022.

Subscribe to our weekly e-mails

The hottest research right in your inbox