A hacker group in Russia exploited a security flaw in Microsoft Windows software to spy on NATO, Ukraine, and a number of other targets, according to a report this week from a Texas cybersecurity firm.
The hackers also launched attacks on a French telecommunications firm, a Polish energy firm, an unknown Western European government, and an unknown academic organization in the U.S., according to a report from iSIGHT Partners in Dallas. iSIGHT began monitoring the group in late 2013, dubbing it “Sandworm Team” after discovering references in its code to the Dune series of science fiction novels. But iSIGHT says the group appears to have started nearly five years ago.
The hackers prefer to target victims by sending them tailor-made malicious documents, which infect the victim’s computer when opened — a surgical approach known as a “spear-phishing attack.” At least some such attacks by Sandworm Team exploited a previously unknown security vulnerability in Windows’s “Object Linking and Embedding” framework, which allows one type of file to be embedded in another type of file, for example to place a spreadsheet inside a word processing document. The vulnerability in OLE allowed the hackers to send emails to targets with tainted PowerPoint documents attached that could lead to instant spying if clicked.
Interests in Ukraine, where Russia has annexed the Crimean peninsula and supported pro-Russian separatists, appear to have been a major target of the hack attacks.
“Many of the lures observed have been specific to the Ukrainian conflict with Russia and to broader geopolitical issues related to Russia,” iSIGHT’s report said, adding that a number of other attacks, including the attack on the U.S. academic organization, clustered around a NATO summit on Ukraine held in Wales.
iSIGHT Partners said it immediately worked with Microsoft to minimize any future exploitation. Microsoft released an update to fix the security flaw on Tuesday after the report, though only after the hackers had been able to gain access to their intended targets’ computers.
Still, iSIGHT noted that some of the attacks, including attacks on NATO, relied on techniques other than the Microsoft OLE vulnerability.
Photo: Mark Lennihan/AP