Russian hackers used a vulnerability in the Microsoft Windows operating system to spy on the computers of NATO, Ukraine and other political rivals.
According to a report released by cybersecurity firm iSIGHT Partners, a “zero-day” exploit is present in “all supported versions of Microsoft Windows” from Windows Vista onward. The bug allows hackers to remotely execute programs though infected email attachments.
The hackers used a method known as “spear phishing” to deploy the virus. Batch emails were sent to target organizations, infecting users’ computers if opened.
Microsoft has acknowledged the security flaw and says a patch will be rolled out this week for affected Windows releases.
The attacks were perpetrated by a Russian cyber-terrorist organization referred to as Sandworm, which has been conducting espionage operations since 2009 and has ties to the Russian government. According to iSIGHT analyst Drew Robinson, Sandworm’s targets as well as files taken from their German command server link the group to the Kremlin.
Security researchers have been unable to ascertain exactly what information has been compromised. The iSIGHT report speculates that the hackers were after information relating to the conflict between Russia and Ukraine based on the contents of recovered Sandworm emails. Sandworm has also launched attacks against European telecom and energy companies as well as academic institutions in the United States.
This isn’t the first time that Russia has been linked to cyber attacks. In May, security firm FireEye released a report illustrating a 40 percent spike in malware activity during the Russian annexation of Crimea while researchers at F-Secure found that another team of hackers had targeted Ukrainian Railways. The firm iSIGHT is also tracking “active campaigns by at least five distinct intrusions teams.” in addition to the Sandworm hackers.
As Russia emphasizes its need for network security, its links to cybercrime continue to trouble the international community.
