A targeted attack campaign that is believed to be state sponsored and uses Adobe and Windows zero-day vulnerabilities to infect victims' systems has been uncovered by researchers at FireEye.
FireEye reported uncovering the "RussianDoll" campaign in a threat advisory, warning it has marked similarities to previously discovered state-sponsored APT28 attacks. APT28 is a cyber espionage group tied to the Russian government.
"Using the Dynamic Threat Intelligence Cloud (DTI), FireEye researchers detected a pattern of attacks beginning on April 13th, 2015," read the advisory.
"Through correlation of technical indicators and command and control infrastructure, FireEye assess that APT28 is probably responsible for this activity."
FireEye is yet to disclose the target organisation's identity, but has said it is "an international government entity in an industry vertical that aligns with known APT28 targeting".
The attack reportedly uses a sophisticated five-stage strategy that chains a patched flaw in Adobe Flash with an unpatched bug in Windows 7 and earlier versions of Microsoft's operating system to steal information.
The strategy sees the attackers target victims with messages containing links to malicious websites that, when clicked, act as an HTML/JS launcher page that serves and triggers the Flash exploit.
Once launched, the attack executes shellcode that downloads and runs an executable payload, which performs local privilege escalation (CVE-2015-1701) and lets the hackers steal a system token.
This reportedly gives the hackers increased access to the system, making it easy for them to take follow-on actions and steal information from the victim.
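As an added illustration (not code from FireEye or from the article), the following Python heuristic scans constructed proxy-log lines for the web delivery sequence just described: an HTML/JS launcher page, then a Flash object, then an executable download to the same client within a short window. The log format, client addresses and URLs are assumed, and the sequence check is a narrow heuristic, not a substitute for patching.

```python
from datetime import datetime, timedelta

# Constructed proxy log lines (fictional clients and URLs, not indicators from the advisory).
# Fields: client IP, timestamp, requested URL, response content type.
SAMPLE_LOG = """\
10.0.0.7 2015-04-13T09:00:01 http://landing.example/index.html text/html
10.0.0.7 2015-04-13T09:00:02 http://landing.example/a.swf application/x-shockwave-flash
10.0.0.7 2015-04-13T09:00:05 http://landing.example/payload.exe application/x-msdownload
10.0.0.9 2015-04-13T10:15:00 http://news.example/story.html text/html
10.0.0.9 2015-04-13T10:15:01 http://cdn.example/ad.swf application/x-shockwave-flash
10.0.0.9 2015-04-13T12:00:00 http://files.example/tool.exe application/x-msdownload
"""

# The stages in the order the chain runs: launcher page, Flash object, executable payload.
STAGES = (
    ("launcher", {"text/html"}),
    ("flash", {"application/x-shockwave-flash"}),
    ("payload", {"application/x-msdownload", "application/octet-stream"}),
)


def parse_log(text):
    """Return (client, timestamp, url, content_type) tuples, skipping malformed lines."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        client, ts, url, ctype = parts
        events.append((client, datetime.fromisoformat(ts), url, ctype))
    return events


def find_chains(events, window=timedelta(seconds=60)):
    """Return one dict per client whose requests hit all three stages in order,
    each stage arriving within `window` of the previous matched stage."""
    by_client = {}
    for ev in sorted(events, key=lambda e: e[1]):
        by_client.setdefault(ev[0], []).append(ev)
    chains = []
    for client, evs in by_client.items():
        stage, seen, last_ts = 0, {}, None
        for _, ts, url, ctype in evs:
            if last_ts is not None and ts - last_ts > window:
                stage, seen, last_ts = 0, {}, None  # gap too long: start over
            name, types = STAGES[stage]
            if ctype in types:
                seen[name], last_ts = url, ts
                stage += 1
                if stage == len(STAGES):  # all three stages seen in order
                    chains.append({"client": client, **seen})
                    stage, seen, last_ts = 0, {}, None
    return chains
```

With the default 60-second window only the first client is flagged; the second client's executable download arrives hours after its Flash object and is treated as unrelated.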
While the attack is currently believed to have a very limited focus, FireEye CTO Dave Merkel warned it is only a matter of time before run-of-the-mill cyber criminals learn from it and use the technique in their own schemes.
"If you think you aren't a target, think again. Whatever a nation state uses today, organised crime will use tomorrow and hacktivists will use the day after that. 'Cyber weapons' proliferate much faster than those in the physical realm," he wrote in a blog post.
"The rising tide raises all ships. Expect to see these exploits everywhere and anywhere sometime soon.
"You cannot sit back using a staid approach from 1995 (or 2005, or 2010, or...well, you get the idea). This isn't going to stop. It will get worse before it gets better (if it ever gets better)."
Microsoft is currently working on a patch to plug the flaw being used in the attack. FireEye recommended that businesses using Adobe and Microsoft products install the patches as soon as possible.
The campaign's discovery follows widespread reports that firms are operating overly lax patching policies. In its Data Breach Investigations Report earlier in April, Verizon listed poor patching practices as a key reason why one in four phishing scams succeeds.