The attacks were launched by a cyberespionage group known as Pawn Storm or APT28 targeting the White House and members of the North Atlantic Treaty Organization (NATO) back in April 2015.
The group has been active since 2007 and typically targets military, government and media organizations.
Vulnerability details
Advisory: SB2015071403 - Remote code execution in Oracle Java SE
Vulnerable component: Oracle Java SE
CVE-ID: CVE-2015-2590
CVSSv3 score: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C
CWE-ID: CWE-119 - Memory corruption
Description:
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to an unspecified error in the Libraries component. A remote attacker can execute arbitrary code with the privileges of the current user.
Successful exploitation of the vulnerability may result in full control of the vulnerable system.
Note: the vulnerability was being actively exploited.
Known APT campaigns:
NATO breach and the attacks against White House members
The attacks were performed by Pawn Storm attackers.
External links:
http://www.trendmicro.com/vinfo/us/threat-encyclopedia/vulnerability/7033/oracle-java-se-remote-code...
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
http://www.pcworld.com/article/2948592/security/oracle-fixes-zeroday-java-flaw-and-over-190-other-vu...
http://www.computerworld.com/article/2947216/security/cyberespionage-group-pawn-storm-uses-exploit-f...
http://resources.infosecinstitute.com/the-shadow-of-the-russian-cyber-army-behind-the-2016-president...
https://www.tripwire.com/state-of-security/latest-security-news/java-zero-day-bug-192-other-security...
http://www.securityweek.com/oracle-patches-java-zero-day-exploited-pawn-storm-attackers
http://blog.trendmicro.com/trendlabs-security-intelligence/new-headaches-how-the-pawn-storm-zero-day...
https://duo.com/blog/update-flash-and-java-emergency-zero-day-patches