Really a bad weekend for Internet users. Three previously unknown critical zero-day vulnerabilities were revealed in Adobe's Flash Player over the weekend, thanks to the Hacking Team data breach, in which 400GB of internal data were leaked onto the Internet.
Now, a new zero-day vulnerability has been reported in Oracle’s Java that is reportedly being exploited in the wild by hackers to target government armed forces.
Cybercriminals are actively exploiting the Java-based zero-day flaw in an attempt to target U.S. defense agencies and members of NATO, Trend Micro security researchers warned in a blog post published Sunday.
According to the researchers, the vulnerability affects only the latest version of Java, version 188.8.131.52; the older Java versions, Java 1.6 and 1.7, are not affected by this zero-day exploit.
So far, few details about the Java zero-day bug have been disclosed, since Oracle has yet to release a patch. Hackers are nonetheless exploiting the zero-day flaw through drive-by-download attacks.
Java Zero-Day Exploit in the Wild
Cybercriminals are using email messages to spread malicious links hosting the Java zero-day exploit. Once a link is clicked, the exploit code delivers a basic Trojan dropper, TROJ_DROPPR.CXC, that drops a payload called TSPY_FAKEMS.C into the "/login user" folder.
From the login user folder, the malware executes arbitrary code under the default Java settings, compromising the security of the system.
Researchers have also unearthed an attack that leverages a three-year-old Windows vulnerability identified as CVE-2012-015, which Microsoft addressed in Bulletin MS12-027.
Operation Pawn Storm APT Group Behind Java 0-Day Exploit
The advanced persistent threat (APT) group behind Operation Pawn Storm is thought to be responsible for the Java zero-day exploit attacking a NATO member and a US defense organization, but the security firm did not disclose the names of the organizations where the attack was sighted.
Pawn Storm, a group of hackers specializing in cyber-espionage operations, has been active since 2007 and is also known by other names, including APT28, Sednit, Fancy Bear, and Tsar Team.
Are You Vulnerable to New Java Zero-Day Exploit?
Oracle's developers are working with Trend Micro on a fix for the issue. Until the patch is rolled out, users are advised to temporarily disable Java in their browser.