Russian hackers uses Flash, Windows zero-day flaws
A fresh attack by a long-known hacking group suspected to be linked with Russia did little to mask its activity in an attack a week ago.
The computer security firm FireEye wrote on Saturday that the group—called APT 28—attacked an “international government entity” on April 13, using two recently disclosed software flaws, one of which has not been patched.
The attack sought to trick victims into clicking on a link that led to a website which attacked their computer. It first used a vulnerability in Adobe Systems’ Flash player, CVE-2015-3043, then used a still unpatched Microsoft vulnerability, CVE-2015-1701, to gain higher privileges on a computer.