U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Cyber Crime

APT3 Operation Double Tap is targeting recently disclosed Windows vulnerabilities

FireEye discovered that the Group of hackers dubbed APT3 that managed the Op Clandestine Fox is now running a new campaign dubbed Operation Double Tap. Researchers at FireEye have uncovered a new advanced persistent threat crew dubbed APT3, which is using exploits targeting recently disclosed vulnerabilities in Windows. The experts at FireEye believe that APT3 is the same […]

APT3 Operation Double Tap is targeting recently disclosed Windows vulnerabilities

FireEye discovered that the Group of hackers dubbed APT3 that managed the Op Clandestine Fox is now running a new campaign dubbed Operation Double Tap.

Researchers at FireEye have uncovered a new advanced persistent threat crew dubbed APT3, which is using exploits targeting recently disclosed vulnerabilities in Windows. The experts at FireEye believe that APT3 is the same actor behind the “Operation Clandestine Fox” uncovered by the company in April 2014. The hackers exploited an IE zero-day vulnerability in a series of targeted attacks, now the ATP3 group is exploiting a series of flaws in Microsoft OS, including the CVE-2014-6332 vulnerability recently patched that was exploitable for 18 years before the update.

FireEye reported in a blog post the details of the attacks run by the APT3 that exploited the Windows OLE bug and also another Windows privilege escalation vulnerability (CVE-2014-4113).

The joint use of the two vulnerabilities suggests that APT3 has apparently moved from leveraging zero-day exploits, to attacking targets with “known exploits or social engineering”.

“The use of CVE-2014-6332 is notable, as it demonstrates that multiple classes of actors, both criminal and APT alike, have now incorporated this exploit into their toolkits. Further, the use of both of these two known vulnerabilities in tandem is notable for APT3. This actor is historically known for leveraging zero-day vulnerabilities in widespread but infrequent phishing campaigns. The use of known exploits and more frequent attacks may indicate both a shift in strategy and operational tempo for this group.” is reported in the post.

The experts highlighted the tactical change of APT3 group, the lack of zero-day exploits may indicate that the attackers have changed strategy, opting for social engineering attacks, and it is likely they decided to increase the frequency of the attacks.

In one attack against an energy company, the APT3 has used as attack vector an email from a supposed job applicant seeking employment. The supposed applicant contacted an employee on a popular social networking site and later sent him a resume via email that contained a malicious file used to drop a backdoor called “Cookie Cutter.”

In the last wave of attacks, dubbed “Operation Double Tap”, the APT3 sent malicious emails claiming to offer a free month’s membership to a Playboy website.

APT3 operation double tap

The post published by FireEye also includes the indicators of compromise (IOCs).

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs –  APT3, cyber espionage)

[adrotate banner=”5″]

[adrotate banner=”13″]