Adobe released an update for Flash Player to address three vulnerabilities, one of which is a Zero Day that attackers are already exploiting.
The Zero Day was part of an attack involving multiple economic and foreign policy sites, said researchers at FireEye, who along with Google reported the vulnerabilities to Adobe.
Visitors to the websites of at least three non-profit organizations, two of which deal with matters of U.S. national security, were redirected to a server hosting the Zero Day exploit.
This attack appears to be related to an older campaign from May 2012.
“The group behind this campaign appears to have sufficient resources (such as access to Zero Day exploits) and a determination to infect visitors to foreign and public policy websites. The threat actors likely sought to infect users to these sites for follow-on data theft, including information related to defense and public policy matters,” FireEye researchers said in their blog.
The existence of the Adobe Flash Player Zero Day came to light February 13, when researchers noticed that visitors to the website of the Peter G. Peterson Institute for International Economics were redirected to an exploit server via a hidden iframe.
Researchers found that visitors to two other sites, the American Research Center in Egypt and the Smith Richardson Foundation, were also redirected to the same server.
The attackers tried to bypass ASLR protections by targeting only computers running Windows XP, Windows 7 with Java 1.6, and Windows 7 running unpatched versions of Office 2007 and 2010.
The exploit downloads and installs the PlugX/Kaba RAT, allowing the attackers to take control of the infected devices.