Flash Zero Day Exploit Hot Off the Presses from Syria

Researchers with Kaspersky Lab have discovered a new strain of zero-day exploit that relied on Flash to break into machines running Windows, OS X, and even Linux.

The command and control servers behind the attack have been located in various parts of Syria, leading the team who found the hole to a number of Assad dissidents who had been targeted as part of the localized campaign.

More and more hackers coming out of Syria are hitting foreign networks by the day, as the current regime continues to fight off a growing number of rebels in a bloody civil war which has torn the country apart for just over two years now.

Newfound war brings with it waves of sudden poverty for the hundreds of thousands of civilians caught in the crossfire, and it is this crisis that seems to be the driving force behind high-profile groups such as the Syrian Electronic Army: hacking rings which have spent the better part of this year raiding websites like Twitter and companies such as Microsoft for their deepest, darkest secrets, and publishing them on open forums for anyone and everyone to see.

Photo: Kaspersky Lab

The exploit specifically targets a feature of the Flash platform known as Pixel Bender, which is generally used to process video played through the ubiquitous browser plug-in.

Although much of what the SEA has pulled out of the gigabyte-laced ground is fluff material backed up by facts we already knew thanks to Snowden, this is the first time a major zero-day has been seen out of the country, and it could have a significant impact on the rest of the security community as a whole.

“We are sure that all these tricks were used in order to carry out malicious activity against a very specific group of users without attracting the attention of security solutions,” Kaspersky Lab researcher Vyacheslav Zakorzhevsky wrote. “We believe that the Cisco add-in mentioned above may be used to download/implement the payload as well as to spy directly on the infected computer.”

Adobe was quick on the draw this time, eradicating all versions of the bug with a single patch that was shipped to all three operating systems just earlier this morning.