North Korean APT Group Employed Rare Zero-Day Attack

Recent Adobe Flash exploit discovered against South Korean targets likely purchased, not developed by the hacking group.

It’s rare for nation-state hackers out of North Korea to employ zero-day attacks, so the recent Adobe Flash Player zero-day exploit discovered targeting South Korean individuals was a bit of a novelty. Even so, it wasn’t the first time the hacking team had employed a zero-day attack.

The threat actor group known as ScarCruft (aka Group 123 and Reaper) in June 2016 was spotted by researchers at Kaspersky Lab dropping a zero-day attack exploiting another Flash flaw (CVE-2016-4171), which allowed remote code execution. 

That attack, which Kaspersky dubbed Operation Daybreak, began with targeted spearphishing emails that contained a malicious URL that served up the exploit to the victim’s machine. According to Kaspersky Lab, the attack hit an Asian law enforcement agency; a Dubai restaurant; a US-based mobile advertising

... read more at: https://www.darkreading.com/attacks-breaches/north-korean-apt-group-employed-rare-zero-day-attack/d/d-id/1331011?

by