Russian hackers have used a vulnerability in Microsoft software to spy on targets including NATO and Western European governments.
Security firm iSight Partners said a zero-day vulnerability, impacting all supported versions of Microsoft Windows and Windows Server 2008 and 2012, was used by hackers in Russia to spy on various targets.
NATO, Ukrainian government organisations, Western European governments, energy companies in Poland, European telecommunications firms and academic organisations in the US are all said to have been targeted.
iSight said the hackers could have been operating since 2009. iSight Partners has been monitoring the Sandworm Team’s activities from late 2013 and throughout 2014.
“The team prefers the use of spear-phishing with malicious document attachments to target victims. Many of the lures observed have been specific to the Ukrainian conflict with Russia and to broader geopolitical issues related to Russia,” said iSight Partners.
“The team has recently used multiple exploit methods to trap its targets, including the use of BlackEnergy crimeware, exploitation of as many as two known vulnerabilities simultaneously, and this newly observed Microsoft Windows zero-day.”
The company said it does not know what data was taken but because it is a zero-day vulnerability it “virtually guarantees that all of those entities targeted fell victim to some degree.”
Tim Erlin, director of IT security and risk strategy for Tripwire, said: “It’s a short path from shoe phones to zero days. It’s simply not surprising that this kind of activity has been going on. Russia, the United States, Britain and others have long histories of very strong and effective spy organisations.
“There should be little surprise that these groups have continued their missions through the boom of technology.
“Defending against such a targeted attack is extremely difficult. When the attacker is willing to spend significant resources to compromise you specifically, the playing field can be very uneven. As an industry, we tend to focus on the many broad threats that exist, but these kinds of targeted and sophisticated campaigns may actually do more damage.”