Two zero-day Adobe Flash Player vulnerabilities, labeled CVE-2018-4877 and CVE-2018-4878, have been exploited in cyber-attacks tracing back to North Korea. The attacks were carried through malware infected Microsoft Office documents, which included Flash content.
The affected versions are 28.0.0.137 and earlier of Adobe Flash Player for: Desktop Runtime (Windows, Mac & Linux), Google Chrome (Windows, Mac, Linux & Chrome OS) and Microsoft Edge and Internet Explorer 11 (Windows 10 and 8.1). The database of Common Vulnerabilities and Exposures revealed that the cyber-attacks could enable hackers to control a system and retrieve all the data stored by it.
The South Korean KISA (Korea Internet and Security Agency) reported the existence of the CVE-2018-4878 exploit, which was aimed against Windows users who frequently work with Office documents. The malware was placed in such documents, which also contained Flash content, and were sent through e-mails. All it took was for the document to be opened and the malware would automatically be downloaded and running. The recent occurrence emphasizes the fact that the use of Flash Player should be limited to the cases when it is really necessary, being advisable to avoid it whenever possible.
The malicious data that would be downloaded is an administration tool known under the name of ROKRAT, which is famously known to have been involved in many other cybernetic attacks, exploiting any detected weak spot. The tool uses various camouflage techniques in order to prevent anti-malware detection, like generating fake traffic to real websites, like Amazon and Twitter, making it seem like the targeted user is watching anime on its computer.
It was later revealed that ROKRAT was created by a team of hackers calling themselves “Group 123”, who seem to be connected in one way or another to North Korea. The group is known to be extremely proficient in their attacks, being identified as the cause of more than six attack last year alone.
However, the security measures that have been taken in order to prevent such attacks and protect user data are constantly being improved, becoming more and more efficient in fulfilling their purpose. Even so, Adobe declared that they are planning on giving up Flash Player in favor of HTML5 by 2020.