Hacking Team Flash Zero-Day Linked to Cyber Attacks on South Korea and Japan

The corporate data leaked in the recent cyber attack on the infamous surveillance software firm Hacking Team has revealed that the _Adobe Flash zero-day _(CVE-2015-5119) exploit has already been added to several exploit kits.

Security researchers at Trend Micro have discovered evidences of the Adobe Flash zero-day (CVE-2015-5119) exploit being used in a number of exploit kits before the vulnerability was publicly revealed in this week’s data breach on the spyware company.

The successful exploitation of the zero-day Flash vulnerability could cause a system crash, potentially allowing an attacker to take full control of the affected system.

Adobe Flash Zero-Day Targeted Japan and Korea

According to the researchers, the zero-day exploit, about which the rest of the world got access on Monday, was apparently used in limited cyber attacks on South Koreaand** Japan**.

> _“In late June, [Trend Micro] learned that a user in Korea was the attempted target of various exploits, including a Flash vulnerability (CVE-2014-0497) discovered last year,” _Weimin Wu, threat analyst at Trend Micro wrote.

“Traffic logs indicate the user may have received spear-phishing emails with attached documents…contained a URL for the user to visit. This URL led to a site hosted in the United States, which [included] a Flash exploit, detected as SWF_EXPLOYT.YYKI. This particular exploit targets the zero-day Adobe vulnerability that was disclosed during the Hacking Team leak.”

The zero-day exploit downloads a Trojan on the target victim’s computer, which further downloads several other malicious payloads on the infected system.

Researchers say the zero-day exploit code they came across was very similar to the exploit code revealed as part of the Hacking Team data breach. This simply means the attack was conducted by someone with the access to the tools and services offered by Hacking Team.

However, Adobe has released a patch to address this Adobe Flash zero-day (CVE-2015-5119) vulnerability, thereby advising users to install the update as soon as possible.