Russian hackers have used a vulnerability in Microsoft software to spy on targets including NATO and Western European governments.
Security firm iSight Partners said a zero-day vulnerability, impacting all supported versions of Microsoft Windows and Windows Server 2008 and 2012, was used by hackers in Russia to spy on various targets.
NATO, Ukrainian government organisations, Western European government, energy companies in Poland, European telecommunications firms and academic organisations in the US are all said to have been targeted.
iSight said the hackers could have been operating since 2009. iSight Partners has been monitoring the Sandworm Team’s activities from late 2013 and throughout 2014.
“The team prefers the use of spear-phishing with malicious document attachments to target victims. Many of the lures observed have been specific to the Ukrainian conflict with Russia and to broader geopolitical issues related to Russia,” said iSight Partners.
“The team has recently used multiple exploit methods to trap its targets, including the use of BlackEnergy crimeware, exploitation of as many as two known vulnerabilities simultaneously, and this newly observed Microsoft Windows zero-day.”
The company said it does not know what data was taken but because it is a zero-day vulnerability it “virtually guarantees that all of those entities targeted fell victim to some degree.”
Tim Erlin, director of IT security and risk strategy for Tripwire, said: “It’s a short path from shoe phones to zero days. It’s simply not surprising that this kind of activity has been going on. Russia, the United States, Britain and others have long histories of very strong and effective spy organisations.
“There should be little surprise that these groups have continued their missions through the boom of technology.
“Defending against such a targeted attack is extremely difficult. When the attacker is willing to spend significant resources to compromise you specifically, the playing field can be very uneven. As an industry, we tend to focus on the many broad threats that exist, but these kinds of targeted and sophisticated campaigns may actually do more damage.”