North Koreans deploy zero-day Adobe Flash attacks

As Adobe promises a patch next week.

North Korean hackers are believed to be behind a malware campaign targeting Windows users in South Korea, using a new zero-day vulnerability in Adobe's Flash media player.

Source: Simon Choi

The campaign was reported by security researcher Simon Choi, who said the North Koreans have been using the Flash zero-day since the middle of November last year.

While Choi has not yet shared samples of the malware or provided hashes for it, South Korea's CERT has issued an advisory for the zero-day, which affects the Flash Player ActiveX control, version 28.0.0.137 and earlier.

KR-CERT said the attackers try to trick users into opening Microsoft Office documents, web pages, or spam messages that contain a specially crafted Adobe Flash file.

Until Adobe releases a patch for the vulnerability, KR-CERT suggested users remove Flash Player completely from their systems.

KR-CERT did not say how many people have been affected by the Flash Player attacks.

Adobe has confirmed the critical vulnerability, which has been named CVE-2018-4878. The company said the flaw can be used for remote code execution.

It is expected to provide a patch for the vulnerability early next week.

Although the North Korean attacks have targeted Windows users, Adobe said Flash Player for macOS and Linux is also affected by the zero-day.

Adobe said administrators can set Flash Player to prompt users before playing files as an interim mitigation.

Administrators could also implement Protected View for Office, which opens files marked as potentially unsafe in read-only mode, Adobe said.

Copyright © iTnews.com.au . All rights reserved.