How Russian Spies Hacked NATO, Ukraine

Russian hackers use ‘zero-day’ in cyber-spy campaign

For The Washington Post, Ellen Nakashima reports: A Russian hacking group probably working for the government has been exploiting a previously unknown flaw in Microsoft’s Windows operating system to spy on NATO, the Ukrainian government, a U.S. university researcher and other national security targets, according to a new report.

The group has been active since at least 2009, according to research by iSight Partners, a cybersecurity firm.

Its targets in the recent campaign also included a Polish energy firm, a Western European government agency and a French telecommunications firm.

“This is consistent with espionage activity,” said iSight Senior Director Stephen Ward. “All indicators from a targeting and lures perspective would indicate espionage with Russian national interests.”

There is no indication that the group was behind a recent spate of intrusions into U.S. banks, including JPMorgan Chase, Ward said.

Current and former U.S. intelligence officials say the capabilities of Russian hackers are on par with those of the United States and Israel.

“It’s possible they’ve become more active in response to the Ukrainian situation,” said a former intelligence official. “And when you become more active, you increase your likelihood of getting caught.”

ISight dubbed the recently detected hacking group SandWorm because of references embedded in its code to the science-fiction novel “Dune.” There were various mentions in Russian to the fictional desert planet of Arrakis, for instance.

The firm began monitoring the hackers’ activity in late 2013 and discovered the vulnerability — known as a “zero-day” — in August, Ward said. The flaw is present in every Windows operating system from Vista to 8.1, he said, except Windows XP.

The Ukrainian government was targeted in late August, in the lead-up to the NATO summit in Wales, where…(read more)

The Washington Post
