The APT28 group is trying to exploit the CVE-2017-11292 Flash zero-day before users receive patches or update their systems. The state-sponsored hackers focused their attacks on state departments and private-sector businesses in the aerospace industry. The attacks employed the same old malware, a Flash exploit framework also used by the APT 28 group against Montenegro. It is unclear if they purchased the exploit or reverse engineered it from the BlackOasis attack. The group is currently trying to take down C&C servers associated with the malware used in the attacks.”]
Source: https://securityaffairs.co/wordpress/64611/hacking/cve-2017-11292-apt28.html