A highly targeted cyber attack took advantage of Zero Days in Adobe Flash Player and Windows that allowed privilege escalation.
The incident ended up discovered by FireEye researchers, who said a Russian group they call APT28 spearheaded the attack.
The security glitch in Flash Player (CVE-2015-3043), ended up patched by Adobe shortly after the discovery. In the security bulletin for the update, the developer informed that an exploit for the flaw existed.
As for the privilege escalation flaw in Windows (CVE-2015-1701), it continues to be an active Zero Day as Microsoft has to release a patch for it. The company is currently working on a patch.
Attackers relied on the Flash vulnerability to gain access to the targeted system and then exploited the Windows flaw to increase their grip on the machine, researchers said in a blog post.
The attack would start with tricking the user into following a website that served the Flash exploit for CVE-2015-3043, which would run a payload that achieved privilege escalation, allowing ATP28 to execute code with system rights, thus being able to access any region on the computer. APT28’s activity goes back as far as 2007.
Compromising systems this way is no longer possible if users uploaded the current version of Flash Player (126.96.36.199). The Zero Day in Microsoft’s operating system affects only Windows 7 and earlier.
Researchers said the attack was against an international government entity that fits the target profile the APT28 hackers focus on.