Pawn Storm, a cyber espionage group suspected of operating out of Russia, is exploiting a Java zero-day vulnerability in attacks aimed at the armed forces of a NATO member country and a US defense organization:
According to researchers, the unpatched Oracle Java SE remote code execution vulnerability has been leveraged by the group known variously as Pawn Storm, APT28, Sednit, Fancy Bear, Tsar Team, and Sofacy. Experts have pointed out that this is the first Java zero-day attack reported in nearly two years.
In the attacks on the NATO member country and the US defense organization, the attackers sent emails containing links to malicious domains hosting the Java exploit (JAVA_DLOADR.EFD). The exploit is designed to deliver a Trojan dropper (TROJ_DROPPR.CXC), which in turn drops a payload detected as SPY_FAKEMS.C into the “login user” folder.
Experts have pointed out that the domains hosting the Java zero-day exploit are similar to the ones used in April 2015 in attacks targeting NATO members and the White House.
Java, like Flash, needs to die as well.