Operation Poison Needles

Description

(Qihoo 360) On the evening of November 29, 2018, shortly after the break-out of the Kerch Strait Incident, 360 Advanced Threat Response Team was the first security team to discover the APT attack against the FSBI “Polyclinic No.2” affiliated to the Presidential Administration of Russia. The lure document used to initiate the attack was a carefully forged employee questionnaire, which exploited the latest Flash 0day vulnerability CVE-2018-15982 and a customized Trojan with self-destruction function. All the technical details indicate that the APT group is determined to compromise the target at any price, but at the same time, it is also very cautious.

Names

Name | Name-Giver
Operation Poison Needles | Qihoo 360

Country

Motivation

  • Information theft and espionage

First Seen

2018

Observed Sectors

Observed Countries

Tools

Information

Other Information

Uuid

e96f938a-3d98-4977-9767-5dd144595485

Last Card Change

2020-04-14