Ofer For You (1)

Friday 17 October 2014

Russian Hackers Used Bug in Microsoft Windows for Spying


By "Kunal Vohra", Director@H2K



Russian hackers used a bug in Microsoft Windows to spy on several Western governments, NATO and the Ukrainian government, according to a report released Tuesday by iSight Partners, a computer security firm in Dallas.

The targets also included European energy and telecommunications companies and an undisclosed academic organization in the United States, the Internet security report said.

While it is unclear what type of information may have been retrieved, iSight said that the targets of the attacks were often linked to the standoff in Ukraine between Russia and the West.

That included the NATO summit meeting in Wales in early September at which the Russian hackers targeted the Ukrainian government and at least one American organization, the report said.

The illegal activities started as early as 2009 and used a variety of techniques to gain access to confidential information. But iSight said that it was only in the late summer that the Russian hackers started using what experts refer to as a zero-day attack — the exploitation of a previously unknown vulnerability — on Windows.

The bug affected versions from Windows Vista to the company’s latest software, Windows 8.1, though Microsoft is expected to release an update on Tuesday to resolve the potential vulnerability.

Despite efforts to thwart the Russian hackers’ attacks, iSight said using the Microsoft bug and other illegal tactics almost certainly allowed the hackers to gain some access to their targets.

“The use of this zero-day vulnerability virtually guarantees that all of those entities targeted fell victim to some degree,” the company said.

While the vulnerability affected many versions of Windows, iSight said the Russian hackers appeared to be the only group to use the bug. The company added, however, that other companies and organizations might also have been attacked.

Representatives for Microsoft and the Russian government were not immediately available for comment.

The discovery of the hacking is the latest in a series of worldwide attacks that have affected individuals, government agencies and companies.

Many of these attacks have originated in Russia and other Eastern European countries, though the purpose of the hackers’ efforts has often varied.

Last year, for example, Eastern European hackers gained access to the data of up to 110 million customers of the retailer Target.

In August, security researchers discovered that a separate Russian crime ring had amassed a huge collection of stolen online information, including roughly 1.2 billion user names and passwords and more than 500 million email addresses.

And this month, JPMorgan Chase also revealed that another cyberattack, which experts believe originated in Russia, had compromised the banking accounts of roughly 76 million households and seven million small businesses.

ISight said it had called the most recent Russian hackers the Sandworm team because they used encoded references to the science fiction series “Dune” in their attacks.

ISight said the group often used so-called spear-phishing techniques in its attacks against Western government and commercial targets. That involved sending emails to prospective targets with documents attached that, when opened, could allow the attacker to gain control of the computer.

Many of the emails were specifically related to the Ukrainian conflict and to wider issues linked to Russia, the company said.

Source:- New York Times

No comments:

Post a Comment