Oracle fixes Java zero-day exploited by Pawn Storm hackers


With its quarterly Critical Patch Update, Oracle has released security fixes for 193 vulnerabilities across all of its products (a good summary can be found here), including the Java zero-day bug (CVE-2015-2590) that is being actively exploited by attackers.

Trend Micro researchers discovered the flaw, and the fact that it is being actively exploited, while investigating the ongoing Operation Pawn Storm campaign.

“Operation Pawn Storm is a campaign known to target military, embassy, and defense contractor personnel from the United States and its allies,” the researchers explained.

“Over the past year or so, we have seen numerous techniques and tactics employed by this campaign, such as the use of an iOS espionage app, and the inclusion of new targets like the White House. Through our on-going investigation and monitoring of this targeted attack campaign, we found suspicious URLs that hosted a newly discovered zero-day exploit in Java now identified by Oracle as CVE-2015-2590.”

Targets are directed to the URL hosting the Java exploit via a link in a spear-phishing email. The ultimate goal of the attack is to install information-stealing malware on the targets’ computers.

The researchers have detailed the infection chain, exploit, and indicators of compromise in this blog post.

It is recommended that this update be applied as soon as possible, even by users who are not obvious targets of the Pawn Storm attackers.
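A quick way to confirm that a host actually received the fix is to parse the output of `java -version` and compare the update level against the first release that carries it. The script below is an added example, not code from the article or from Trend Micro; the minimum update levels (8u51, 7u85, 6u101) are taken from the July 2015 Critical Patch Update release notes and are not stated on this page, so treat them as an assumption to verify against Oracle's advisory. The sample version strings in the comments are constructed for illustration.

```python
import re
import subprocess

# First update of each supported major release that includes the CVE-2015-2590 fix.
# Assumption: values from the July 2015 Oracle CPU, not from the article above.
MIN_PATCHED_UPDATE = {6: 101, 7: 85, 8: 51}

# Legacy format, e.g.  java version "1.8.0_45"  or  openjdk version "1.7.0_79"
_LEGACY_RE = re.compile(r'(?:java|openjdk) version "1\.(\d+)\.\d+_(\d+)')
# Post-JEP-223 format, e.g.  java version "11.0.2"
_MODERN_RE = re.compile(r'(?:java|openjdk) version "(\d+)(?:\.\d+)*')


def parse_java_version(output):
    """Return (major, update) parsed from `java -version` output, or None."""
    m = _LEGACY_RE.search(output)
    if m:
        return int(m.group(1)), int(m.group(2))
    m = _MODERN_RE.search(output)
    if m:
        # Modern releases have no "_NN" update suffix; report update 0.
        return int(m.group(1)), 0
    return None


def is_patched(output):
    """True if the runtime described by `output` carries the CVE-2015-2590 fix,
    False if it predates the fix, None if the version string is unrecognised."""
    parsed = parse_java_version(output)
    if parsed is None:
        return None
    major, update = parsed
    if major not in MIN_PATCHED_UPDATE:
        # Java 9 and later postdate the July 2015 CPU; Java 5 and older
        # were out of public support and never received the fix.
        return major > 8
    return update >= MIN_PATCHED_UPDATE[major]


def check_installed_java():
    """Run the local `java -version` and classify it; None if java is absent."""
    try:
        proc = subprocess.run(["java", "-version"], capture_output=True, text=True)
    except FileNotFoundError:
        return None
    # `java -version` writes to stderr, but read both streams to be safe.
    return is_patched(proc.stderr + proc.stdout)


if __name__ == "__main__":
    status = check_installed_java()
    if status is None:
        print("java not found or version string not recognised")
    elif status:
        print("installed Java is at or above the fixed update level")
    else:
        print("installed Java predates the CVE-2015-2590 fix; update it")
```

On a fleet, run the same logic over collected `java -version` strings rather than on each host interactively, and remember that multiple JREs (browser plugin, bundled application runtimes) can coexist on one machine, so check every installation path, not just the one first on `PATH`.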