Over the past several months, Kaspersky Lab's Global Research and Analysis Team (GReAT) has monitored a series of cyber-espionage attacks carried out by different attack groups against the Asia-Pacific (APAC) and Far East regions. It found that these attacks share one common feature: to infect victims with malware, the attackers use an exploit for the CVE-2015-2545 vulnerability. This vulnerability in Microsoft Office software was patched at the end of 2015, but cybercriminals still use it. The groups known to use this exploit are Platinum, APT16, EvilPost and SPIVY, and most recently a new cyber-espionage group known as Danti has been added to the list.
Exploits are malicious tools widely used by cyber-espionage organizations and cybercriminals to infect computers with malware covertly. A few years ago, the use of so-called zero-day vulnerabilities, that is, vulnerabilities exploited in the wild before the affected software vendor has released a patch, was the defining characteristic of sophisticated attackers. However, the situation has now changed. Cyber-espionage groups now make greater use of known vulnerabilities, because doing so costs less and still achieves good infection rates.
The CVE-2015-2545 vulnerability allows an attacker to execute arbitrary code using a specially crafted EPS image file. The risk posed by this exploit is very high, because it uses PostScript techniques to bypass the Windows Address Space Layout Randomization (ASLR) and Data Execution Prevention (DEP) protection technologies. Danti is the latest group discovered using this vulnerability to carry out attacks.
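A defensive triage check for the EPS delivery described above, added here as an example and not taken from Kaspersky Lab's research: it lists EPS parts inside an Office document, assuming the document is an OOXML (ZIP-based) file. The function names and the sample documents are constructed for illustration.

```python
import io
import zipfile

# EPS signatures: ASCII PostScript header and the DOS-style binary EPS header.
EPS_ASCII_MAGIC = b"%!PS-Adobe"
EPS_BINARY_MAGIC = b"\xc5\xd0\xd3\xc6"


def looks_like_eps(head):
    """True when the leading bytes carry an EPS signature."""
    return (head.lstrip().startswith(EPS_ASCII_MAGIC)
            or head.startswith(EPS_BINARY_MAGIC))


def find_embedded_eps(doc_bytes):
    """Names of parts in an OOXML (ZIP) document that look like EPS."""
    hits = []
    if not zipfile.is_zipfile(io.BytesIO(doc_bytes)):
        return hits  # not a ZIP container: out of scope for this check
    with zipfile.ZipFile(io.BytesIO(doc_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as part:
                head = part.read(64)
            # Flag by extension or by content, so a renamed EPS is still caught.
            if info.filename.lower().endswith(".eps") or looks_like_eps(head):
                hits.append(info.filename)
    return hits


def make_sample(parts):
    """Build a constructed in-memory ZIP standing in for a .docx."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in parts.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed samples: harmless placeholder bytes, not real documents.
CLEAN_DOC = make_sample({"word/document.xml": b"<w:document/>",
                         "word/media/image1.png": b"\x89PNG\r\n\x1a\n"})
EPS_DOC = make_sample({"word/document.xml": b"<w:document/>",
                       "word/media/image1.eps": b"%!PS-Adobe-3.0 EPSF-3.0\n",
                       "word/media/image2.png": b"\xc5\xd0\xd3\xc6" + b"\x00" * 28})

if __name__ == "__main__":
    print("clean:", find_embedded_eps(CLEAN_DOC))
    print("eps:  ", find_embedded_eps(EPS_DOC))
```

A hit only means the document carries an EPS image and deserves closer inspection on a system patched for CVE-2015-2545; it does not by itself mean the file is malicious.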