Panda APT group using Hacking Team flaws
The Chinese APT group known as Emissary Panda and Threat Group 3390 has been taking advantage of Hacking Team's Flash Player exploits in its operations.
According to Zscaler, the group leveraged the CVE-2015-5119 vulnerability to target a large multi-national financial services firm with locations in Europe, the Middle East and Asia.
The attack began with a spear-phishing message containing a malicious URL. The link pointed to a server in Hong Kong set up to host the Hacking Team Flash Player exploit. The attackers tried to use the exploit to install a variant of the HttpBrowser remote access Trojan (RAT) hosted on the same Hong-Kong-based server.
Emissary Panda has also leveraged another Hacking Team Flash Player exploit (CVE-2015-5123) in its operations. Zscaler says the attack was not an isolated incident.
Several exploits were leaked online last month after Hacking Team suffered a data breach. Emissary Panda and other APT groups such as Wekby and Pawn Storm have used the spyware maker's exploits.