Russian hackers, probably backed by the country’s government, have exploited a vulnerability in all supported versions of Microsoft Windows and other software as part of a cyberespionage campaign to spy on NATO, the European Union, Ukraine and companies in the energy and telecommunications sectors, according to a report by iSight Partners, a Dallas-based cybersecurity firm.
The iSight report did not specify the kind of data obtained by the Russian hackers but said they were seeking information about the Ukraine crisis and a specific Western European government, as well as other diplomatic, energy and telecom related matters. According to iSight, it has been monitoring the hacker group, dubbed the “Sandworm Team,” since late 2013, while the group is believed to have been active since 2009.
“Your targets almost certainly have to do with your interests. We see strong ties to Russian origins here,” John Hultquist, head of iSight's cyberespionage practice, told Reuters, adding that he believed the hackers were supported by a country because they were involved in espionage, not cyber crime.
According to Drew Robinson, a technical analyst at iSight, the targets of the spying campaign partly suggest that Russia could be the nation supporting the espionage. The command server, which was located in Germany, also exposed Russian-language computer files that had been uploaded by the hackers.
“This is consistent with espionage activity,” The Washington Post quoted iSight Senior Director Stephen Ward as saying. “All indicators from a targeting and lures perspective would indicate espionage with Russian national interests.”
According to iSight, the Sandworm Team prefers spear-phishing, fraudulent emails aimed at specific users and carrying malicious attachments, to compromise its victims.
On Sept. 3, researchers at iSight discovered that the spear-phishing attacks relied on the exploitation of a zero-day vulnerability affecting all supported versions of Microsoft Windows, from Vista SP2 to Windows 8.1, and Windows Server 2008 and 2012. A zero-day vulnerability is a software flaw that is unknown to the vendor, so no patch exists for it. Attackers exploit such a flaw to breach a system before the vendor has taken measures to fix it.
“We immediately notified targeted entities, our clients across multiple government and private sector domains and began working with Microsoft to track this campaign and develop a patch to the zero-day vulnerability,” the iSight report said.