Cyberespionage group Pawn Storm uses exploit for unpatched Java flaw
A sophisticated group of hackers known for targeting military, government and media organizations is currently using an exploit for a vulnerability in Java that hasn’t been patched by Oracle.
The zero-day exploit was recently observed by researchers from antivirus vendor Trend Micro in attacks against the armed forces of an unnamed NATO country and a U.S. defense organization. Those targets received spear-phishing emails that contained links to Web pages hosting the exploit.
The cyberespionage group, known as APT28 and Pawn Storm, has been active since at least 2007. Some security vendors believe that it operates out of Russia and has ties to that country’s intelligence services.