On Jan. 31, KISA (KrCERT) published an advisory about an Adobe Flash zero-day vulnerability (CVE-2018-4878) being exploited in the wild. On Feb. 1, Adobe issued an advisory confirming the vulnerability exists in Adobe Flash Player 126.96.36.199 and earlier versions, and that successful exploitation could potentially allow an attacker to take control of the affected system. FireEye began investigating the vulnerability following the release of the initial advisory from KISA.
We assess that the actors employing this latest Flash zero-day are a suspected North Korean group we track as TEMP.Reaper. We have observed TEMP.Reaper operators directly interacting with their command and control infrastructure from IP addresses assigned to the STAR-KP network in Pyongyang. The STAR-KP network is operated as a joint venture between the North Korean Government's Post and Telecommunications Corporation and Thailand-based Loxley Pacific. Historically, the majority of their targeting has been focused on the South Korean government, military, and defense industrial base; however, they have expanded to other international targets in the last year. They have taken interest in subject matter of direct importance