Adobe Zero-Day Attack Part Of Wider Campaign

  /     /     /  
Publicated : 22/11/2024   Category : security


Adobe Zero-Day Attack Part Of Wider Campaign


Symantec research points to well-funded attackers who use so-called Sykipot malware to target defense contractors, telecommunications firms, computer hardware companies, chemical companies, energy companies, and government



The latest Adobe Reader and Acrobat zero-day attack is part of a larger, longer-term targeted attack campaign aimed mainly at stealing intellectual property from the U.S. and U.K. industries and government agencies, according to Symantec.
Symantec identified the malware family involved in the attacks as Sykipot, which has been used in targeted attacks for the past two years and possibly as far back as 2006. Organizations hit in the latest wave of attacks were mainly U.S. and U.K. defense contractors, telecommunications firms, computer hardware companies, chemical companies, energy companies, and government agencies.
Adobe on Tuesday alerted users that its Adobe Reader and Acrobat were under attack via a previously unknown flaw in the software that lets an attacker crash the app and wrest control of the victims machine. Brad Arkin, Adobes senior director of product security and privacy, said the company would issue an out-of-band update by next week for Windows-based systems only, and that
the attack was targeting Adobe Reader and Acrobat 9.4.6 for Windows
.
He advised users of Adobe Reader or Acrobat 9 and older versions to immediately upgrade to Adobe Reader or AcrobatX, which are safe from the exploit and attack due to the Protected Mode and Protected View features. Adobe will fix the issue in Adobe Reader and Acrobat for Windows in the companys next scheduled security update on Jan. 10.
Symantec researchers, meanwhile,
say this is just the latest in a series of well-funded targeted attacks
by what appears to be an organized, skilled group of people. The goal of Sykipot attackers is to obtain sensitive documents to high level executives within a variety of target organizations, of which the vast majority have been defense related. Considering the long-running campaign history of the attackers and their previous use of zero-day exploits, future versions of Sykipot that are delivered using another zero day are likely, according to a new post by Symantec today.
The backdoor Trojan used in the malware is not especially sophisticated or well-written, but the researchers point out how the attackers have been able to come up with zero-day flaws to exploit. Given the long list of command and control servers being used for controlling the botnet, the attackers are unlikely to be a single person, but rather a group of people, according to Symantec.
The attacks begin with targeted emails with a link or malicious attachment, and the attackers appear to have done their homework on employees in the victim organizations, targeting mainly C-level executives, vice presidents, and directors of the organizations. These employees may have access to sensitive information and computers containing intellectual property of interest to the attackers. Furthermore, these employees computers, and the information gathered from them, may be used to mount attacks on lower-level employees and the computers that hold the desired information, the Symantec researchers said.
Have a comment on this story? Please click Add Your Comment below. If youd like to contact
Dark Readings
editors directly,
send us a message
.

Last News

▸ 27 Million South Koreans Hit by Online Gaming Theft. ◂
Discovered: 23/12/2024
Category: security

▸ Homeland Security Background Checks Breach Raises Concerns. ◂
Discovered: 23/12/2024
Category: security

▸ Fully committed to the future world of technology. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Adobe Zero-Day Attack Part Of Wider Campaign