Spear phishing campaign used Flash zero-day to infect US gov officials

Hackers have been trying to break into US Government agencies by using the recently patched Adobe Flash vulnerability, CVE-2015-5119.

The FBI warned of the attacks in a memo, saying. “The FBI has received information regarding a likely ongoing phishing campaign that started 8 July 2015 and was observed targeting US Government agencies,” the memo reads, adding that “…the emails contain a link that exploits Adobe Flash vulnerability CVE-2015-5119.”

Hackers started a similar phishing campaign in June that went after government agencies and private sector companies in IT, aerospace, construction and transport.

The phishing email subject lines read “AEP Energy Program Update: 2015 Program Year Kick Off” and “Review Link”.

The Flash flaw was one of three revealed in the hack of Italian surveillance firm Hacking Team by unknown attackers.

Milan police are in an investigation that is exploring the possibility that the Hacking Team breach was an inside leak. Police have questioned several former staff already suspected of stealing company secrets.