Cyberespionage group Pawn Storm uses exploit for unpatched Java flaw

The exploit was used in attacks against the armed forces of a NATO country and a U.S. defense organization

A sophisticated group of hackers known for targeting military, government and media organizations is currently using an exploit for a vulnerability in Java that hasn't been patched by Oracle.

The zero-day exploit was recently observed by researchers from antivirus vendor Trend Micro in attacks against the armed forces of an unnamed NATO country and a U.S. defense organization. Those targets received spear-phishing emails that contained links to Web pages hosting the exploit.

The cyberespionage group, known as APT28 and Pawn Storm, has been active since at least 2007. Some security vendors believe that it operates out of Russia and has ties to that country's intelligence services.

The group has been targeting NATO members and governments in Europe, Asia and the Middle East, as well as defense contractors and media organizations. It typically sends rogue emails to its victims with malicious links to supposed articles about geopolitical events.

The newly found exploit affects the latest version of the Java runtime environment, Java 8 Update 45, which was released in April, researchers from Trend Micro said in a blog post.

Surprisingly, the exploit doesn't affect the older Java 7 and Java 6 versions, which no longer receive public security patches from Oracle.

A couple of years ago Java was the most frequently attacked browser plug-in, which prompted Oracle to beef up security in Java 8.

This is the first Java zero-day exploit reported in nearly two years, the Trend Micro researchers said.

Zero-day exploits are those that target previously unknown vulnerabilities for which patches are not yet available.

Although unrelated, this exploit's discovery comes at a time when security researchers have found three zero-day exploits for Flash Player in data leaked from a surveillance software maker called Hacking Team.

Disabling both Flash Player and Java is advisable until these vulnerabilities are patched, the Trend Micro researchers said in a separate blog post. "Extra caution should be exercised for the foreseeable future and special attention paid for the possibility of compromised ad servers."

"Flash and Java vulnerabilities are particularly well-suited for malvertising attacks, so we could possibly see these vulnerabilities incorporated into exploit kits that, in turn, are used to attack ad servers," the researchers said.

In fact, two of the newly found Flash Player exploits have already been integrated into exploit kits that are used in malvertising attacks.

