Confirmed Flash's zero day attack targeting Japan and South Korea, Russian hacker sells to vulnerability to Hacking Team

ByThe National Crime Agency

An Italian company "Hacking Team" who sold nationwide spyware for the public was hackedIn this case, several pieces of information on unfixed Flash zero-day vulnerabilities have been confirmed, but it became clear that attacks targeting Japan and South Korea were conducted before this information became clear by hacking It was.

Hacking Team Flash Zero-Day Tied To Attacks In Korea and Japan ... on July 1
http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-flash-zero-day-tied-to-attacks-in-korea-and-japan-on-july-1/


Hacking Team's Flash 0-day: Potent enough to infect actual Chrome user | Ars Technica
http://arstechnica.com/security/2015/07/hacking-teams-flash-0day-potent-enough-to-infect-actual-chrome-user/


It was July 1 that Trend Micro confirmed this attack. Targets are users of Japan and Korea,It affects all latest Flash of Windows, Mac and LinuxWe used the vulnerability "CVE-2015-5119".

It's been foundExploit codeWas quite similar to the code contained in the information leaked from the Hacking Team, but a difference was found in some, which is because someone who got the attack package and code made by Hacking Team, Trend Micro estimates whether it was made by improving based on the leaked code.

For this "CVE - 2015 - 5119", the patch was released last week and the measure was completed, but newlyTwo vulnerabilities, "CVE-2015-5122" and "CVE-2015-5123"Has been found. Both vulnerabilities are similar to "CVE-2015-5119", a malicious Flash file executing code to install malware. A fix patch for this vulnerability will be provided later this week.

By the way, Ars Technica investigated information leaked from the Hacking Team, hackers living in Moscow sell this type of vulnerability information to the Hacking Team and the fact that the Hacking Team paid accordingly I have located it.

How a Russian hacker made $ 45,000 selling a 0-day Flash exploit to Hacking Team | Ars Technica
http://arstechnica.com/security/2015/07/how-a-russian-hacker-made-45000-selling-a-zero-day-flash-exploit-to-hacking-team/


According to Ars Technica, hackers first contacted the Hacking Team on October 13, 2013, and it is quite a sign that "Do you want to buy the latest version of Flash, Silverlight, Java, Safari's zero day vulnerability?" It seems that it was a direct offer. From Hacking Team, CEO David Vinsenthi made a reply to accept this offer.

This hacker, who is 33 years old living in Moscow as "Vitaly Tropov", has 6 vulnerabilities of being able to hand over immediately, from 30,000 dollars (about 3.68 million yen) to 45,000 dollars (about 5.5 million yen) The value is set, the sale is non-exclusive, if the exclusive sale price is tripled, there are discounts by multiple purchase, all vulnerabilities are those found by oneself personally selling I told the Hacking Team what I am doing.

Meanwhile, Guyde Randy, the developer of the Hacking Team, Troopov is an open source vulnerability database ·OSCDBI noticed that I was posting a lot of information on the site and I am a reliable person, and on October 25, the two agreed to a contract. At this time, Troopf received 45,000 dollars (about 5.51 million yen) from the Hacking Team, after that he worked at least until 20 th April 2015 and received 35 thousand dollars (about 4.29 million yen) I know that it was.

Ars Technica tried to interview this Tropoff, and although it was not a direct response, I got the content of "Q & A when I was interviewed by other journalists". According to this question and answer, Troupf does not know whether Hacking Team was a cooperator other than Tropoff, as Hacking Team is a business partner to the last, not working at the Hacking Team. Also, as for the client, I guess that it was mostly the government of the countries that make up the United States and the EU.