APT28 uses leaked Hacking Team exploits in custom EK
ESET researchers have discovered that exploits exposed in the recent Hacking Team leak are now being used by an attack group known as “APT28” or “Sednit.”
As of Wednesday, an Adobe Flash exploit uncovered in the leak was packaged in APT28’s custom exploit kit so that attackers could deliver a “first-stage backdoor” to victims, a Friday blog post said. The malware also contained a Windows privilege escalation exploit that was likewise made public via the Hacking Team incident.
Upon successful exploitation of the Windows bug, the malware “sets its persistence” on targeted machines, ESET explained.
“Hence, the Hacking Team leak provides a complete exploitation chain, starting from a Flash exploit for the compromise, to a Windows escalation privilege exploit allowing the payload execution with elevated privileges,” the blog said.
While Adobe quickly patched the Flash Player vulnerability (CVE-2015-5119) on Wednesday, there is still no patch for the Windows zero-day.