The infamous Chinese APT3 Clandestine Wolf hacker group is exploiting a critical zero-day Adobe Flash flaw to infiltrate company networks.
Researchers at FireEye revealed the campaign moments after Adobe released an out-of-band patch for the flaw, saying they had detected phishing messages targeting businesses in the aerospace, defence, construction, technology and telecoms industries.
"In June, our FireEye as a Service team in Singapore uncovered a phishing campaign exploiting an Adobe Flash Player zero-day vulnerability (CVE-2015-3113)," read the FireEye threat advisory.
"The China-based threat group that FireEye tracks as APT3, aka UPS, is responsible for this exploit."
The attackers reportedly use the exploit as a primary means of infection before moving laterally through the victim's network.
"This group is one of the more sophisticated threat groups that FireEye Threat Intelligence tracks, and they have a history of introducing new browser-based zero-day exploits," read the advisory.
"The attackers' emails included links to compromised web servers that served either benign content or a malicious Adobe Flash Player file that exploits CVE-2015-3113.
"After successfully exploiting a target host, this group will quickly dump credentials, move laterally to additional hosts, and install custom backdoors. APT3's command and control infrastructure is difficult to track, as there is little overlap across campaigns."
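The advisory above describes compromised web servers that hand some visitors benign content and others a malicious Flash file. A defender triaging proxy captures from such links wants to recognise Flash content by its bytes rather than by the Content-Type header or URL, since the page says nothing about how the file was labelled. The example below is an added illustration, not FireEye's or Adobe's code: it parses the documented SWF header (3-byte signature FWS/CWS/ZWS, version byte, 4-byte little-endian uncompressed length), checks the declared length against what is actually present, and flags responses whose header disguises a Flash file. The sample responses are constructed inline and contain no exploit content.

```python
import struct
import zlib
from typing import Optional

# Signatures from the SWF file format: uncompressed, zlib-compressed, LZMA-compressed.
SWF_SIGNATURES = {b"FWS": "uncompressed", b"CWS": "zlib", b"ZWS": "lzma"}
FLASH_CONTENT_TYPE = "application/x-shockwave-flash"


def parse_swf_header(data: bytes) -> Optional[dict]:
    """Return a description of a SWF header, or None if the data is not a SWF.

    Layout: bytes 0-2 signature, byte 3 version, bytes 4-7 uncompressed
    file length (little-endian, includes the 8-byte header itself).
    """
    if len(data) < 8:
        return None
    sig = data[:3]
    if sig not in SWF_SIGNATURES:
        return None
    version = data[3]
    declared_length = struct.unpack("<I", data[4:8])[0]
    info = {
        "compression": SWF_SIGNATURES[sig],
        "version": version,
        "declared_length": declared_length,
        "actual_length": None,
        "length_consistent": None,
    }
    if sig == b"FWS":
        info["actual_length"] = len(data)
    elif sig == b"CWS":
        # Everything after the 8-byte header is a zlib stream.
        try:
            body = zlib.decompress(data[8:])
        except zlib.error:
            return info  # truncated or corrupt: leave consistency unknown
        info["actual_length"] = 8 + len(body)
    else:
        return info  # LZMA variant: header parsed, body not inspected here
    info["length_consistent"] = info["actual_length"] == declared_length
    return info


def classify_response(content_type: str, body: bytes) -> str:
    """Label an HTTP response body for triage.

    'not-swf'        : no SWF signature
    'swf'            : Flash file served with the expected Content-Type
    'swf-disguised'  : Flash file served under some other Content-Type
    'swf-truncated'  : Flash file whose declared length does not match
    """
    hdr = parse_swf_header(body)
    if hdr is None:
        return "not-swf"
    if hdr["length_consistent"] is False:
        return "swf-truncated"
    if content_type.split(";")[0].strip().lower() != FLASH_CONTENT_TYPE:
        return "swf-disguised"
    return "swf"


def make_sample_swf(compressed: bool) -> bytes:
    """Build a constructed, inert SWF-shaped blob for demonstration only."""
    payload = b"\x00" * 24  # placeholder body bytes, not a real movie
    header = (b"CWS" if compressed else b"FWS") + bytes([11])
    header += struct.pack("<I", 8 + len(payload))
    return header + (zlib.compress(payload) if compressed else payload)


# Constructed sample responses a proxy might have logged.
SAMPLE_HTML = b"<html><body>nothing to see</body></html>"
SAMPLE_FWS = make_sample_swf(compressed=False)
SAMPLE_CWS = make_sample_swf(compressed=True)

if __name__ == "__main__":
    for ctype, body in [("text/html", SAMPLE_HTML),
                        ("application/octet-stream", SAMPLE_CWS),
                        (FLASH_CONTENT_TYPE, SAMPLE_FWS)]:
        print(ctype, "->", classify_response(ctype, body))
```

Byte-level identification matters because a Content-Type of `text/html` or `application/octet-stream` on a Flash file is itself a signal worth surfacing to analysts; the length check catches partially captured downloads so they are not mistaken for complete samples.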
APT3 is believed to be based in China and has been linked to a variety of Clandestine Fox targeted attacks.
Adobe has confirmed that it is aware of the active exploits and urged customers to install the patch as soon as possible.
"These updates address a critical vulnerability (CVE-2015-3113) that could potentially allow an attacker to take control of the affected system," read the Adobe advisory.
"Adobe is aware of reports that CVE-2015-3113 is being actively exploited in the wild via limited, targeted attacks. Systems running Internet Explorer for Windows 7 and below, as well as Firefox on Windows XP, are known targets."
"Adobe recommends users update their product installations to the latest versions."
FireEye similarly urged companies using Flash to install the patch as soon as possible, warning that the hackers are likely to continue their operations.
APT3 is one of many recently uncovered targeted attack campaigns. Researchers at AlienVault uncovered a campaign earlier in June targeting privacy-focused Chinese groups with watering hole attacks capable of bypassing Tor and VPN defences.