A targeted attack campaign that is believed to be state sponsored and uses Adobe and Windows zero-day vulnerabilities to infect victims' systems has been uncovered by researchers at FireEye.
FireEye reported uncovering the "RussianDoll" campaign in a threat advisory, warning it has marked similarities to previously discovered state-sponsored APT28 attacks. APT28 is a cyber espionage group tied to the Russian government.
"Using the Dynamic Threat Intelligence Cloud (DTI), FireEye researchers detected a pattern of attacks beginning on April 13th, 2015," read the advisory.
"Through correlation of technical indicators and command and control infrastructure, FireEye assess that APT28 is probably responsible for this activity."
FireEye is yet to disclose the target organisation's identity, but has said it is "an international government entity in an industry vertical that aligns with known APT28 targeting".
The attack reportedly works using a sophisticated five-stage strategy that combines a patched flaw in Adobe Flash with an unpatched bug in Windows 7 and earlier versions of Microsoft's operating system to steal information.
The strategy sees the attackers target victims with messages containing links to malicious websites that, when clicked, act as an HTML/JS launcher page that serves and triggers the Flash exploit.
Once launched, the attack executes shellcode that downloads and runs an executable payload, which performs local privilege escalation (CVE-2015-1701) and lets the hackers steal a system token.
This reportedly lets the hackers gain increased access to the system and makes it easy for them to take follow-on actions and steal information from the victim.
While the attack is currently believed to have a very limited focus, FireEye CTO Dave Merkel warned it is only a matter of time before run-of-the-mill cyber criminals learn from it and use the technique in their own schemes.
"If you think you aren't a target, think again. Whatever a nation state uses today, organised crime will use tomorrow and hacktivists will use the day after that. 'Cyber weapons' proliferate much faster than those in the physical realm," he wrote in a blog post.
"The rising tide raises all ships. Expect to see these exploits everywhere and anywhere sometime soon.
"You cannot sit back using a staid approach from 1995 (or 2005, or 2010, or...well, you get the idea). This isn't going to stop. It will get worse before it gets better (if it ever gets better)."
Microsoft is currently working on a patch to plug the flaw being used in the attack. FireEye recommended that businesses using Adobe and Microsoft products install the patches as soon as possible.
The campaign's discovery follows widespread reports that firms are operating overly lax patching policies. Verizon listed poor patching practices as a key reason why one in four phishing scams succeeds in its Data Breach Investigations Report, published earlier in April.