Dark Reading discusses a critical zero-day in Adobe Flash – surprise surprise – currently being leveraged in a campaign targeting South Korean victims:
Adobe today confirmed a report yesterday by South Korea’s Computer Emergency Response Team (KrCERT/CC) of the discovery of the zero-day vulnerability in Flash Player ActiveX 18.104.22.168 and earlier versions. The bug (CVE-2018-4878) abused in the attacks is a use-after-free vulnerability that allows remote code execution, according to Adobe’s advisory.
Johannes Ullrich, head of the SANS Internet Storm Center, says the fact that this was a targeted, zero-day attack makes it more likely to be the handiwork of a nation-state actor.
“The attack was rather limited, and targeted at individuals in South Korea who are involved in research about North Korea. I think this makes for a pretty strong case that this was a nation-state sponsored attack. Other actors would have little motivation to use a zero-day exploit in an attack against a group like this,” Ullrich says. “On the other hand, it doesn’t have to be North Korea,” given the difficulty of attribution.
It should come as no surprise that although North Korea is attempting to publicly play nice with South Korea, in the background they continue their cyber attack campaigns targeting their neighbor.