Adobe Flash Exploit Result Of Security Company Breach

Early this week the cyber security company Hacking Team was victim of a security breach by unknown hostile cyber actors. Lots of sensitive company information was breached and with it an Adobe Flash exploit.

First off, who is Hacking Team?

Hacking Team is a company based out of Milan, Italy that sells cyber intrusion and surveillance tools to government and law enforcement. These tools are not defensive in nature like antivirus and firewall. The tools are designed to monitor, find, and collect information on people. Based on Hacking Team’s client list there are some concerns that these tools are being used for purposes that are on Santa’s naughty list… like human rights violations.

What happened?

On the 5th of July, 2015 Hacking Team’s Twitter feed was compromised and a link of over 400GB of sensitive company data was published. At some time before this the company’s security was compromised in an unknown way that resulted in the over 400GB of files and sensitive emails to be exfiltrated out of Hacking Team’s computer network.

Screen shot of the defaced Hack Team Twitter feed

Within the Torrent data file was some of their code and software to include a nasty Adobe Flash exploit for version 18.0.0.194 and earlier. This exploit has already been incorporated into exploit toolkits used by hostile cyber actors. The solution from Adobe is the make sure your flash is updated to the most recent version and you are safe. For more information from Adobe please refer to their Adobe Product Security Incident Response Team (PSIRT) Blog at http://blogs.adobe.com/psirt/?p=1228

What does this say for end users?

This breach reinforces that anyone is a target including security companies. This event also shows that not just the breached organization is at risk as in this case what was taken from Hacking Team is already being used against innocent people on the internet.

Post by Remote Process