
Java Zero-day vulnerability exploited in the Wild

It has been a really bad weekend for Internet users. Three previously unknown critical zero-day vulnerabilities were revealed in Adobe’s Flash Player over the weekend, thanks to the Hacking Team data breach, in which 400GB of internal data was leaked over the Internet.

Now, a new zero-day vulnerability has been reported in Oracle’s Java that is reportedly being exploited in the wild by hackers to target government armed forces.

Cybercriminals are actively exploiting the Java-based zero-day flaw in an attempt to target U.S. defense agencies and members of NATO, Trend Micro security researchers warned in a blog post published Sunday.

According to researchers, the vulnerability affects only the latest version of Java, version 1.8.0.45. The older versions, Java 1.6 and 1.7, are not affected by this zero-day exploit.

So far, few details have been disclosed about the Java zero-day bug, since Oracle has yet to release a patch. However, hackers are exploiting the zero-day flaw through drive-by download attacks.

Java Zero-Day Exploit in the Wild


Cyber criminals are using email messages to spread malicious links that host the Java zero-day exploit. Once a link is clicked, the exploit code delivers a basic Trojan dropper, TROJ_DROPPR.CXC, that drops a payload called TSPY_FAKEMS.C into the "/login user" folder.

From the login user folder, the malware executes arbitrary code under the default Java settings, thus compromising the security of the system.

Researchers have also unearthed an attack that leverages a Windows vulnerability identified as CVE-2012-015, which Microsoft addressed in Bulletin MS12-027 three years ago.

Operation Pawn Storm APT Group Behind Java Zero-Day Exploit


The advanced persistent threat (APT) group Operation Pawn Storm is thought to be responsible for the Java zero-day exploit attacks on a NATO member and a US defense organization, but the security firm did not disclose the names of the targets where the attack was sighted.

Pawn Storm, a hacking group specializing in cyber-espionage operations, has been active since 2007 and is also known by other names, including APT28, Sednit, Fancy Bear, and Tsar Team.

Are You Vulnerable to New Java Zero-Day Exploit?

Oracle developers are working with Trend Micro to develop a fix to patch the issue. Until the patch is rolled out, users are advised to disable Java temporarily in their browser.
