Cybersecurity firm ESET last Tuesday published a 29-page report detailing some of the more sophisticated attack methods being employed by cyber-espionage groups, particularly one operating out of Russia named Turla.
Turla hackers had apparently been using Flash Player installers to deliver malicious code to targets of political interest to Russia, such as employees at embassies of post-Soviet states. The installers were described as benign and legitimate-looking, and they even connected to actual domains and IPs belonging to Adobe. However, ESET ruled out the possibility that Turla had compromised Adobe’s servers; instead, the group was able to deliver the Mosquito backdoor trojan to its targets using a man-in-the-middle attack during the installation process.
The cyber-security community is said to expect this kind of clever attack method from Turla, which is notorious for developing advanced malware and has even used satellites in the past to deliver malicious payloads.
Source: Bleeping Computer