Hacking Team Flash Zero-Day tied to attacks in Korea and Japan

Security experts at Trend Micro revealed that one of the exploits discovered in the Hacking Team package tied to Attacks In Korea and Japan.

Following the recent hack of the popular surveillance firm Hacking Team, the experts started the analysis of the material leaked online by the attackers. The package leaked online include also a number of exploits used by the company to compromise targeted systems by exploiting flaws in Adobe Flash ad Internet Explorer applications.

The researchers discovered at least three different software exploits, two designed to hack Adobe Flash Player and one for Microsoft’s Windows kernel. In particular the “Use-after-free vulnerability”, coded as CVE-2015-0349 has already been patched.

“The information dump includes at least three exploits – two for Flash Player and one for the Windows kernel. One of the Flash Player vulnerabilities, CVE-2015-0349, has already been patched.” states the post published by Trend Micro.

The experts at the Hacking Team described the second Flash Player exploit as “the most beautiful Flash bug for the last four years,” it still has no CVE associated.

“One of the Flash exploits is described by Hacking Team as “the most beautiful Flash bug for the last four years.” This Flash exploit has not yet been given the CVE number.” continues the post.


Another disconcerting discovery made by principal security firms, is the inclusion of the Adobe Flash zero-day (CVE-2015-5119) exploit with several exploit kits available in the criminal underground. The malware researchers at Trend Micro have discovered evidence of the Adobe Flash zero-day (CVE-2015-5119) exploit being used in a number of exploit kits before the vulnerability was publicly revealed in this week’s data breach on the spyware company. To avoid problems, apply urgently the patch provided by Adobe.

The attackers used the Flash zero-day exploits to cause a system crash and take full control of the infected systems. According to the researchers at Trend Micro this particular zero-day exploit was used in cyber attacks on South Korea and Japan.


“In late June, we learned that a user in Korea was the attempted target of various exploits, including CVE-2014-0497, a Flash vulnerability discovered last year. Traffic logs indicate the user may have received spear phishing emails with attached documents. These documents contained a URL for the user to visit; this URL led to a site hosted in the United States which contained a Flash exploit, detected as SWF_EXPLOYT.YYKI. This particular exploit targets the zero-day Adobe vulnerability that was disclosed during the Hacking Team leak. We noticed that this exploit was downloaded to the user’s machine several times in a week.”  wrote Trend Micro.

“We also found that other users had also visited the domain that hosted the exploit code. While many of these users were also in Korea, one of them was located in Japan. This activity started as early as June 22. We cannot confirm that they too were the subject of exploit attempts, but this is likely.”

According to the researchers, the zero-day exploit, about which the rest of the world got access on Monday, was apparently used in limited cyber attacks on South Korea and Japan. The researchers confirmed that the zero-day exploit code they analyzed was very similar to the exploit code included in the HAcking Team Package.

This circumstance suggests that the attackers had access to the hacking tools offered by the Hacking Team firm.

“We believe this attack was generated by Hacking Team’s attack package and code.” states Trend Micro.

Pierluigi Paganini

FAIR USE NOTICE: Under the "fair use" act, another author may make limited use of the original author's work without asking permission. Pursuant to 17 U.S. Code § 107, certain uses of copyrighted material "for purposes such as criticism, comment, news reporting, teaching (including multiple copies for classroom use), scholarship, or research, is not an infringement of copyright." As a matter of policy, fair use is based on the belief that the public is entitled to freely use portions of copyrighted materials for purposes of commentary and criticism. The fair use privilege is perhaps the most significant limitation on a copyright owner's exclusive rights. Cyber Defense Media Group is a news reporting company, reporting cyber news, events, information and much more at no charge at our website Cyber Defense Magazine. All images and reporting are done exclusively under the Fair Use of the US copyright act.

Global InfoSec Awards 2022

We are in our 10th year, and these awards are incredibly well received – helping build buzz, customer awareness, sales and marketing growth opportunities, investment opportunities and so much more.


10th Anniversary Exclusive Top 100 CISO Conference & Innovators Showcase