16 October 2014

Russian Hackers Used Bug in Microsoft Windows for Spying, Report Says

By MARK SCOTT
OCT. 14, 2014

LONDON — Russian hackers used a bug in Microsoft Windows to spy on several Western governments, NATO and the Ukrainian government, according to a report released Tuesday by iSight Partners, a computer security firm in Dallas.

The targets also included European energy and telecommunications companies and an undisclosed academic organization in the United States, the cybersecurity report said.

While it is unclear what type of information may have been retrieved, iSight said that the targets of the attacks were often linked to the continuing standoff in Ukraine between Russia and the West.

That included the NATO summit meeting in Wales in early September regarding the Ukrainian conflict, in which the Russian hackers targeted the Eastern European country’s government and at least one American organization, the report said.

The illegal activities started as early as 2009 and used a variety of techniques to gain access to delicate information. ISight said the Russian hackers started using the vulnerability in Windows, known as a zero day, only in the late summer.

The bug affected versions from Windows Vista to the company’s latest software, Windows 8.1, though Microsoft is expected to release an update on Tuesday to resolve the potential vulnerability.

Despite efforts to thwart the Russian hackers’ attacks, iSight said using the Microsoft zero-day bug and other illegal tactics almost certainly allowed the hackers to gain some access to their targets.

“The use of this zero-day vulnerability virtually guarantees that all of those entities targeted fell victim to some degree,” the computer security company said in a statement.

While the vulnerability affected many versions of Windows, iSight said the Russian hackers appeared to be the only group to use the bug. The company added, however, that other companies and organizations may also have been affected by the attacks.

Representatives for Microsoft and the Russian government were not immediately available for comment.

The discovery of the suspected Russian hackers is the latest in a series of worldwide cyberattacks that have affected individuals, government agencies and companies.

Many of these attacks have originated in Russia and other Eastern European countries, though the purpose of the hackers’ efforts has often varied.

Last year, for example, Eastern European hackers gained access to the data of up to 110 million customers of the retailer Target.

In August, security researchers discovered that a separate Russian crime ring had amassed a huge collection of stolen online information, including roughly 1.2 billion user names and passwords and more than 500 million email addresses.

And this month, JPMorgan Chase also revealed that another cyberattack, which experts believe originated in Russia, had compromised the banking accounts of roughly 76 million households and seven million small businesses.

ISight said it had called the most recent Russian hackers the Sandworm team because they used encoded references to the science fiction series “Dune” in their attacks.

ISight said the group often used so-called spear-phishing techniques in its attacks against Western government and commercial targets. That involved sending emails to prospective targets with documents attached that, when opened, could allow the attacker to gain control of the computer.

Many of the emails used were specifically related to the Ukrainian conflict and to wider issues linked to Russia, the company said.
