"This appears to suggest that FinSpy is now fuelling global intelligence operations, with one country using it against another," Kaspersky said. "Companies developing surveillance software such as FinSpy make this arms race possible. The malware used in the attack is the most recent version of FinSpy, equipped with multiple anti-analysis techniques to make forensic analysis more difficult."
According to Kaspersky's assessment, BlackOasis targets various figures involved in Middle Eastern politics, including key people in the United Nations, opposition bloggers, activists and regional news correspondents.
In 2016, researchers said they observed heavy interest in Angola "exemplified by lure documents indicating targets with suspected ties to oil, money laundering and other activities".
The hacking group has also shown interest in international activists and think tanks, researchers noted. Kaspersky said victims have so far been observed in Russia, Iraq, Afghanistan, Saudi Arabia, Iran, Nigeria, Libya, Jordan, Tunisia, Bahrain, Angola, the United Kingdom and the Netherlands.
Researchers believe that the BlackOasis group also used another zero-day exploit – CVE-2017-8759 – in September.
"The attack using the recently discovered zero-day exploit is the third time this year we have seen FinSpy distribution through exploits to zero-day vulnerabilities," Anton Ivanov, lead malware analyst at Kaspersky Lab, said.
"Previously, actors deploying this malware abused critical issues in Microsoft Word and Adobe products. We believe the number of attacks relying on FinSpy software, supported by zero-day exploits such as the one described here, will continue to grow."
Kaspersky notified Adobe of the vulnerability, and the company has already issued an advisory and a patch to address the issue, which affected Google's Chrome, Microsoft's Edge and Internet Explorer browsers as well as desktop versions.
The news comes after Adobe announced in July plans to retire, by the end of 2020, its once pivotal Flash plugin, which website developers have since replaced with alternatives such as HTML5 to display video and media.
Adobe's Flash player has suffered from a litany of software bugs in recent years that have been exploited by hackers.