A hacker group in Russia exploited a security flaw in Microsoft Windows software to spy on NATO, the Ukraine, and a number of other targets, according to a report this week from a Texas cybersecurity firm.
The hackers also launched attacks on a French telecommunications firm, a Polish energy firm, an unknown Western European government, and an unknown academic organization in the U.S., according to a report from iSIGHT Partners in Dallas. iSIGHT began monitoring the group in late 2013, dubbing it “Sandworm Team” after discovering references in its code to the Dune series of science fiction novels. But iSIGHT says the group appears to have started nearly five years ago.
The hackers prefer to target victims by sending them tailor-made malicious documents, which infect the victim’s computer when opened — a surgical approach known as a “spear-phishing attack.” At least some such attacks by Sandworm Team exploited a previously unknown security vulnerability in Windows’s “Object Linking and Embedding” framework, which allows one type of file to be embedded in another type of file, for example to place a spreadsheet inside a word processing document. The vulnerability in OLE allowed the hackers to send emails to targets with tainted PowerPoint documents attached that could lead to instant spying if clicked.
Interests in Ukraine, where Russia has annexed the Crimean peninsula and supported pro-Russian separatists, appear to have been a major target of the hack attacks.
“Many of the lures observed have been specific to the Ukrainian conflict with Russia and to broader geopolitical issues related to Russia,” iSIGHT’s report said, adding that a number of other attacks, including the attack on the U.S. academic organization, clustered around a NATO summit on Ukraine held in Wales.
iSightPartners said it immediately worked with Microsoft to minimize any future exploitation. Microsoft already released an update to fix the security flaw on Tuesday after the report, albeit after the hackers were able to gain access to their intended targets’ computers.
Still, iSIGHT noted that some of the attacks, including attacks on NATO, relied on techniques other than the Microsoft OLE vulnerability.
Photo: Mark Lennihan/AP
First came the Never Trumpers, and I did not speak out, because they stood against Donald Trump. Then came the Lincoln Project, and I did not speak out, because their videos went viral. Then came the Chamber of Commerce, and by then it was too late.