Earlier today, Adobe published the security advisory APSA16-03, which describes a critical vulnerability in Adobe Flash Player version 21.0.242 and earlier versions for Windows, Macintosh, Linux, and Chrome OS. Kaspersky believes these attacks are launched by an APT Group we call ScarCruft The group has several ongoing operations utilizing multiple exploits two for Adobe Flash and one for Microsoft Internet Explorer. The group is engaged in two major operations: Operation Daybreak and Operation Erebus.”]
Source: https://securelist.com/cve-2016-4171-adobe-flash-zero-day-used-in-targeted-attacks/75082/