Kremlin hackers exploited TWO 0-day Flash, Windows vulns

Operation RussianDoll smelled like Russian miscreants, say infosec bods

The Kremlin in Moscow. Pic: Pavel Kazachkov
RussianDoll: Hackers backed by the Kremlin probably targeted foreign governments

A hacking group probably backed by Russia has been making use of two zero-day exploits to target foreign governments.

The so-called "Operation RussianDoll" attackers used zero-day exploits in Adobe Flash and Windows to target a specific foreign government organisation.

Security firm FireEye says the pattern of the attacks fits that of the recently exposed APT 28 cyberspies, making the group the most likely culprits for the latest attack.

The highly complex attack used two zero-days to work.

"Only a well funded threat actor, in this case a nation state one associated with the Russian government," would be capable of pulling off the assault, according to FireEye.

Adobe independently released a patch for the CVE-2015-3043 vulnerability in its software on Tuesday while Microsoft is working on a fix for the CVE-2015-1701 security bug. FireEye began detecting and preventing attacks based on these vulns on 13 April.

A technical write-up of the threat can be found here. A more general overview can be found here. ®

