A hacker group in Russia exploited a security flaw in Microsoft Windows software to spy on NATO, Ukraine, and a number of other targets, according to a report this week from a Texas cybersecurity firm.
The hackers also launched attacks on a French telecommunications firm, a Polish energy firm, an unknown Western European government, and an unknown academic organization in the U.S., according to a report from iSIGHT Partners in Dallas. iSIGHT began monitoring the group in late 2013, dubbing it “Sandworm Team” after discovering references in its code to the Dune series of science fiction novels. But iSIGHT says the group appears to have started nearly five years ago.
The hackers prefer to target victims by sending them tailor-made malicious documents, which infect the victim’s computer when opened — a surgical approach known as a “spear-phishing attack.” At least some such attacks by Sandworm Team exploited a previously unknown security vulnerability in Windows’s “Object Linking and Embedding” framework, which allows one type of file to be embedded in another type of file, for example to place a spreadsheet inside a word processing document. The vulnerability in OLE allowed the hackers to send emails to targets with tainted PowerPoint documents attached that could lead to instant spying if clicked.
Interests in Ukraine, where Russia has annexed the Crimean peninsula and supported pro-Russian separatists, appear to have been a major target of the hack attacks.
“Many of the lures observed have been specific to the Ukrainian conflict with Russia and to broader geopolitical issues related to Russia,” iSIGHT’s report said, adding that a number of other attacks, including the attack on the U.S. academic organization, clustered around a NATO summit on Ukraine held in Wales.
iSIGHT Partners said it immediately worked with Microsoft to minimize any future exploitation. Microsoft released an update to fix the security flaw on Tuesday, after the report, though by then the hackers had already been able to gain access to their intended targets’ computers.
Still, iSIGHT noted that some of the attacks, including attacks on NATO, relied on techniques other than the Microsoft OLE vulnerability.