FireEye has published a blog which has linked the Adobe Flash zero-day to a North Korean Group the company tracks as TEMP.Reaper.
“We believe the actors behind this latest Flash zero-day are a North Korean group we track as Reaper,” said John Hultquist, Director of Intelligence Analysis at FireEye. “We have high confidence that Reaper is a North Korean group as we have seen them mistakenly upload data to command and control server from North Korean IP space. The majority of their targeting has been South Korea focused, targeting the government, military, and defense industrial base as well as other industry. They have also taken an interest in predictable North Korean interests such as unification efforts and defectors.”
“This is one of the North Korean actors we have been concerned about with respect to the Olympics. They could be leveraged to gather information and possibly carry out attack. We have connected attacks to other North Korean actors, but we have not seen this actor engage in disruptive or destructive activity. Though we have not seen them execute it, we have seen these actors deploy wiper malware.”
The full analysis of the methods and details of the actors can be found here: https://www.fireeye.com/blog/threat-research/2018/02/attacks-leveraging-adobe-zero-day.html
