This threat actor clearly seeks out and compromises websites of organizations related to international security policy, defense topics, and other non-profit sociocultural issues. The actor either maintains persistence on these sites for extended periods of time or is able to re-compromise them periodically.Today's update follows a critical security update that was released just over two weeks ago, fixing the same zero-day vulnerability giving hackers complete control over compromised systems.
This actor also has early access to a number of zero-day exploits, including Flash and Java, and deploys a variety of malware families on compromised systems. Based on these and other observations, we conclude that this actor has the tradecraft abilities and resources to remain a credible threat in at least the mid-term.
The vulnerability affects all Macs with Adobe Flash Player versions before 18.104.22.168 and Adobe recommends all users update their products to the latest of Flash. Adobe maintains a site where users can check the version of Flash installed and the up-to-date Flash software can be downloaded from Adobe's website.