UpGuard Blog

Latest Pawn Storm Campaign Exploits Adobe Flash Zero-Day Vulnerability

Written by UpGuard | Oct 16, 2015 1:37:00 AM

Researchers at Trend Micro have discovered a new zero-day vulnerability in the much-maligned Adobe Flash Player that leaves users vulnerable to remote attacks. The exploit code is being used by the politically motivated cyberespionage group Pawn Storm in a widespread spear phishing campaign targeted at various government entities. Adobe has yet to patch this vulnerability and will likely issue an emergency fix in the next couple of days. Here's what can be done in the interim to protect yourself.

Anatomy of the Exploit

Specially-crafted emails containing false links to newsworthy articles are sent to targeted email accounts. Upon clicking a link, the victim unknowingly activates malicious code that in turn exploits local Flash player installations, leading to compromised credentials and data theft.

Example subject lines and link titles in the malicious emails include: 

“Suicide car bomb targets NATO troop convoy Kabul”

“Syrian troops make gains as Putin defends air strikes”

“Israel launches airstrikes on targets in Gaza”

“Russia warns of response to reported US nuke buildup in Turkey, Europe”

“US military reports 75 US-trained rebels return Syria”


This Adobe Flash zero-day vulnerability affects at least Adobe Flash Player versions and In the absence of a patch from Adobe, it's highly recommended that the above versions of Flash be disabled—or better yet, uninstalled from your systems entirely. UpGuard can automatically scan your entire environment for vulnerable versions of Flash, notifying you if exploitable versions are detected on an ongoing basis.


Update - 10/16/2015: Adobe has since issued a patch for the vulnerability. Download it here.
