
FireEye discovers China-based threat group

29 Jun 2015

A large-scale phishing campaign has been discovered that targets the telecom, high tech, aerospace, defense and other industries, according to the FireEye as a Service team.

The campaign was found to exploit an Adobe Flash Player zero-day vulnerability (CVE-2015-3113). The attackers' emails included links to compromised web servers that served either benign content or a malicious Adobe Flash Player file.

FireEye said the China-based threat group APT3, aka UPS, is responsible for this exploit and the activity identified in its previous blog post, Operation Clandestine Fox.

This group is said to be one of the more sophisticated threat groups that FireEye Threat Intelligence tracks, and they have a history of introducing new browser-based zero-day exploits (Internet Explorer, Firefox, and Adobe Flash Player).

After successfully exploiting a target host, this group will quickly dump credentials, move laterally to additional hosts, and install custom backdoors. APT3’s command and control (CnC) infrastructure is difficult to track, as there is little overlap across campaigns.

Adobe has already released a patch for CVE-2015-3113 with an out-of-band security bulletin. FireEye recommends that Adobe Flash Player users update to the latest version as soon as possible.
