North Korea uses Flash surveillance
SOUTH KOREA’S Computer Emergency Response Team (KrCERT) has found malicious code which exploits a bug in Adobe Flash, causing victims’ machines to be compromised with malware.
KrCERT claims that North Korean agencies are hiding code that exploits the bug in Office documents, emails and websites in order to infect PCs.
Flash runs on a variety of browsers and platforms, but so far no platform other than Windows has been seen compromised in this manner “in the wild”.
Simon Choi, director of the security research center at Korean cybersecurity company Hauri, has claimed that North Koreans are using the exploit to eavesdrop on parties investigating their neighbors to the north.
Flash 0day vulnerability that made by North Korea used from mid-November 2017. They attacked South Koreans who mainly do research on North Korea. (no patch yet) pic.twitter.com/bbjg1CKmHh
— Simon Choi (@issuemakerslab) February 1, 2018
One common method of deployment for the malware is to send spreadsheets to victims, which contain hidden Flash content. The code then uses the Flash loophole to drop its payload.
Specially constructed websites also contain the hidden content; this attack type can be mitigated by preventing Flash from autorunning in browser settings.
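A defender-side triage check for the delivery method described above, added here as an example and not code from KrCERT, Adobe or this article: it scans an Office file for the Shockwave Flash ActiveX CLSID, its ProgID and SWF file headers. The function names, indicator labels and the sample document are constructed for illustration, and the byte-pattern matching is a heuristic that can miss obfuscated embeddings.

```python
import io
import re
import struct
import uuid
import zipfile

FLASH_CLSID = "D27CDB6E-AE6D-11CF-96B8-444553540000"  # Shockwave Flash ActiveX control
PROGID = "ShockwaveFlash.ShockwaveFlash"
SWF_HEADER = re.compile(rb"[FCZ]WS[\x01-\x32](.{4})", re.DOTALL)  # magic, version, length
MAX_MEMBER = 50 * 1024 * 1024  # skip oversized archive members (decompression bombs)


def scan_blob(blob):
    """Return the set of Flash indicators found in one byte string."""
    hits = set()
    upper = blob.upper()  # CLSID text may be written in either case
    if (FLASH_CLSID.encode() in upper or FLASH_CLSID.encode("utf-16-le") in upper
            or uuid.UUID(FLASH_CLSID).bytes_le in blob):  # binary GUID as stored in OLE
        hits.add("flash-activex-clsid")
    if PROGID.encode() in blob or PROGID.encode("utf-16-le") in blob:
        hits.add("flash-progid")
    for m in SWF_HEADER.finditer(blob):
        if 8 < struct.unpack("<I", m.group(1))[0] <= 2**28:  # plausible declared size
            hits.add("swf-header")
    return hits


def find_flash_indicators(data):
    """Scan an OOXML (zip) or legacy binary document; return {part: [indicators]}."""
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            parts = {i.filename: zf.read(i) for i in zf.infolist()
                     if i.file_size <= MAX_MEMBER}
    else:
        parts = {"<raw>": data}  # legacy .xls/.doc: scan the container bytes directly
    found = {name: sorted(scan_blob(blob)) for name, blob in parts.items()}
    return {name: hits for name, hits in found.items() if hits}


def build_sample():
    """Constructed sample: a zip laid out like an .xlsx with an ActiveX part."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("xl/workbook.xml", "<workbook/>")
        zf.writestr("xl/activeX/activeX1.xml",
                    '<ax:ocx ax:classid="{d27cdb6e-ae6d-11cf-96b8-444553540000}"/>')
        zf.writestr("xl/activeX/activeX1.bin",
                    b"\x00" * 16 + b"CWS\x20" + struct.pack("<I", 4096) + b"\x78\x9c")
    return buf.getvalue()
```

A hit means the document carries or references Flash content and is worth quarantining for analysis; it does not by itself show that the content is malicious.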
Adobe has acknowledged the issue and will be releasing a fix in the week commencing Feb 5. The company has previously announced that it will cease support for the Flash plug-in in 2020. According to Google, fewer than 20 percent of websites use Flash content, which is being rapidly replaced by WebGL or HTML5.
Flash was developed by Macromedia in the 1990s. The company was subsumed into Adobe in 2005, which also gained the Dreamweaver application, for some time the standard go-to website creation tool for the creative industry.
While Flash-heavy websites had a brief heyday in the 2000s, security concerns prevented the format becoming standard. Flash was originally developed as a multimedia plug-in for web browsers; Adobe tried to push it as a mobile application platform, but never really met with much success.
The most common use for Flash today is in online games, much beloved of Facebook and other social apps’ users. Mark Zuckerberg has, however, stated that his company’s platforms will cease support for Flash in 2020, in line with Adobe.
The best remediation for security concerns around Flash is simply not to use it. Adobe publishes a range of options to either suspend Flash’s operations or to remove it altogether.