On March 21,2018, Morphisec Labs began investigating a compromised website after receiving a message about it from malware hunter @PhysicalDrive0. The investigation, conducted by Morphisec researchers Michael Gorelik and Assaf Kachlon, determined that the corporate site of a leading Hong Kong Telecommunications company had been compromised. Attackers added an embedded Adobe Flash file that exploits the Flash vulnerability CVE-2018-4878 on the main home.php page.
Article Link: http://blog.morphisec.com/watering-hole-attack-hong-kong-telecom-site-flash-exploit-cve-2018-4878