Russian hackers take advantage of Windows flaw to spy on NATO, Ukraine and foreign governments


Hackers in Russia are taking advantage of a vulnerability in Windows to conduct a cyberespionage campaign against Ukraine, NATO and foreign governments, according to researchers.

Dubbed "Sandworm Team," the campaign has been running for the past five years per iSIGHT Partners, the security firm which studied the code deployed in the attacks and uncovered the ongoing spying. The campaign has been dubbed Sandworm as the members of the espionage team used references from the Dune series by Frank Herbert in their code to compromise the targets.

According to iSIGHT Partners, the cyberespionage campaign exploits the zero-day flaw CVE-2014-4114, which affects pretty much all versions of the Windows OS released since Windows Vista.

iSIGHT believes that the attack is part of a Russian espionage operation (as suggested by the language codes) that was running for two years. However, in their rush to garner sensitive data, the hackers made certain mistakes which blew their cover and brought the cyberespionage to light.

"Your targets almost certainly have to do with your interests. We see strong ties to Russian origins here," said John Hultquist, who heads iSIGHT's cyberespionage practice.

iSIGHT, however, does not know what information has reached the hands of the hackers. A strong possibility exists that Russia desired to gather intelligence pertaining to U.S. and European retaliation for Russia's moves in Ukraine and other places. Information on energy and telecommunications, as well as diplomatic issues, may have also been targeted.

Per an Ars Technica report, Hultquist divulged that NATO was "hit," as well as "multiple organizations" in the Ukraine.

iSIGHT Partners intends to release a report pertaining to the campaign for its client on Tuesday, Oct. 14. The security firm has also alerted Microsoft about the flaw and the latter is creating a patch to fix the bug. The patch will be rolled out to the affected Windows versions on Tuesday, Oct. 14.

NATO, the European Union, and the Russian and Ukrainian governments have yet to comment on the campaign.

On Tuesday, Microsoft released a patch to fix the issue. It comes with fixes that plug holes in Microsoft Office, Internet Explorer, .NET Framework, and Windows.
