Chuck Bednar for redOrbit.com – Your Universe Online
Russian hackers have been exploiting a previously undetected flaw in the Microsoft Windows operating system to launch ‘zero-day’ attacks on NATO, the Ukrainian government, the European Union and academic targets in the US as part of an espionage campaign likely backed by the government, various media outlets are reporting.
The activity, which was discovered by cybersecurity researchers at iSight Partners and colleagues from Microsoft, dates back to at least 2009 and is being attributed to a group identified as the Sandworm Team based on its use of encoded references to the science fiction series Dune in command and control URLs and malware samples.
“The team prefers the use of spear-phishing with malicious document attachments to target victims,” iSight officials said in a blog post Tuesday. “Many of the lures observed have been specific to the Ukrainian conflict with Russia and to broader geopolitical issues related to Russia. The team has recently used multiple exploit methods to trap its targets,” including this newly discovered zero-day exploit.
According to Ellen Nakashima of the Washington Post, targets of the attacks also included a Polish energy firm, a Western European government agency and a French telecommunications firm. Stephen Ward, iSight Senior Director, told Nakashima that the activity and the targets chosen were consistent with “espionage with Russian national interests.”
While iSight told Reuters reporter Jim Finkle that it found no technical indicators tying members of the Sandworm Team to the Russian government, John Hultquist, head of the company’s cyber espionage practice, said that he and his colleagues believe the nature of the group’s activity clearly indicates it had the Russian government’s support.
Image Above: iSight Partners
For instance, Hultquist told Finkle that NATO was targeted with a malicious document on European diplomacy in December 2013, and that several regional Ukrainian government offices received infected emails claiming to contain a list of pro-Russian extremists. iSight plans to release a full report on the Sandworm Team to its clients Tuesday afternoon.
Using this vulnerability, the Sandworm group was able to execute attacks on computer systems running the latest versions of Windows 7, Windows 8 and Windows RT, according to Robert Lemos of Ars Technica. Nakashima added that Vista was also vulnerable, but ironically, the no-longer-supported Windows XP is not.
In its blog, iSight said that it “worked closely with Microsoft to track and monitor the exploitation of this vulnerability in the wild, share technical information to assist in the analysis of the vulnerability and the development of a patch, and coordinate disclosure to the broader security community.”
“Although the vulnerability impacts all versions of Microsoft Windows – having the potential to impact an enormous user population – from our tracking it appears that its existence was little known and the exploitation was reserved to the Sandworm team,” it added.
Wall Street Journal reporter Danny Yadron said that Microsoft planned to release a patch to close the zero-day exploit on Tuesday, but noted the Redmond, Washington-based firm was concerned other cybercriminals might take advantage of the vulnerability before Windows users were able to update their operating systems.
“The incident underscores the risk to consumers as nations engage in computer espionage by searching for flaws in widely used commercial software,” Yadron noted. “Spy agencies often try to hack very specific targets, but the security holes they exploit can be used by others once they are revealed.”
Windows Vulnerability Exploited In Alleged Russian Cyber-Espionage Attacks