
Russian espionage group used Windows 0-day to target NATO, EU

2014-10-14 09:05
In today's Patch Tuesday release, Microsoft will ship a wide variety of patches, among them a fix for a zero-day vulnerability that has been exploited in a cyber-espionage campaign targeting NATO, the European Union, Ukrainian and Polish government organizations, and European companies in the telecommunications and energy sectors.

The vulnerability and the attack exploiting it were discovered by iSIGHT Partners, whose researchers had been tracking the activities of a group of hackers they suspect to be of Russian origin and potentially working for (or selling information to) the Russian government.

“On September 3rd, our research and labs teams discovered that the spear-phishing attacks relied on the exploitation of a zero-day vulnerability impacting all supported versions of Microsoft Windows (XP is not impacted) and Windows Server 2008 and 2012,” iSIGHT shared.

The vulnerability, dubbed SandWorm (CVE-2014-4114) because the exploit code contains many references to Frank Herbert's Dune, lies in the OLE package manager of Microsoft Windows and Windows Server. In this campaign, malicious Microsoft PowerPoint files caused the OLE packager to download additional malicious files, which allowed the attackers to execute commands on the targeted systems.

iSIGHT researchers say that the SandWorm Team has been operational for at least five years and has been targeting institutions and individuals considered to be working against Russian interests.

The group has, in the past, exploited at least five other, older vulnerabilities, and other security firms have noted that it has used modified versions of the BlackEnergy crimeware to steal confidential information.

iSIGHT has notified Microsoft about the SandWorm vulnerability and has been assisting them with information.

"The power of the exploit is pretty substantial," John Hultquist, senior manager of cyber-espionage threat intelligence for iSIGHT, commented for Ars Technica. "From talking to some people over here, they have had a hard time writing signatures for it, and the attack does not crash anything. It's subtle."

Source: feedproxy.google.com/~r/HelpNetSecurity/~3/vjM2VJ9VJYQ/secworld.php
