Russian hackers spied on NATO and Ukraine using a Windows security exploit
The exploit is patched, but the damage is done.
Hackers exploited a previously undisclosed security flaw in Microsoft’s Windows operating system to spy on the North Atlantic Treaty Organization (NATO), Ukrainian officials, and European telecommunication firms, according to U.S. cybersecurity firm iSIGHT.
A security report released by iSIGHT on Tuesday claimed that a team of Russian hackers—dubbed “Sandstorm” due to their frequent use of Dune references—is responsible for a cyberespionage campaign employing multiple exploit methods, including this newly reported Windows zero-day vulnerability.
The Sandstorm hackers rely on techniques like social engineering and email phishing to be effective, iSIGHT said. Operating systems vulnerable to their attacks include Windows 7, Windows 8, and Windows RT.
“The vulnerability exists because Windows allows the OLE packager (packager.dll) to download and execute INF files,” iSIGHT reports. “In the case of the observed exploit, specifically when handling Microsoft PowerPoint files, the packager allows a Package OLE object to reference arbitrary external files, such as INF files, from untrusted sources.”
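A defender's triage check for the behaviour iSIGHT describes, as an added example that is not from the original article or from iSIGHT: it lists references to remote INF files found in the embedded objects of a presentation file. The function names, the size limit and the sample reference are assumptions of this example, as is the premise that the reference is stored as plain ASCII or UTF-16LE text inside the object.

```python
import io
import re
import zipfile

MAX_MEMBER = 16 * 1024 * 1024  # skip oversized members instead of inflating them

# A UNC, http(s) or file reference ending in ".inf". Assumption of this example:
# the reference is stored as a plain ASCII or UTF-16LE string in the object.
REMOTE_INF = re.compile(
    rb"(?:\\\\|https?://|file://)[\x20-\x7e]{1,255}?\.inf(?![0-9A-Za-z])",
    re.IGNORECASE,
)

def scan_blob(blob):
    """Return the sorted, de-duplicated remote .inf references found in blob."""
    # Second view drops the NUL after each printable byte, so UTF-16LE strings
    # become ASCII whatever their alignment.
    views = (blob, re.sub(rb"([\x20-\x7e])\x00", rb"\1", blob))
    hits = {m.group(0).decode("ascii") for v in views for m in REMOTE_INF.finditer(v)}
    return sorted(hits)

def find_remote_inf_refs(doc_bytes):
    """Return (member, reference) pairs for a presentation given as bytes."""
    stream = io.BytesIO(doc_bytes)
    if not zipfile.is_zipfile(stream):
        # Legacy binary formats are not zip containers: scan the raw bytes.
        return [("<raw>", ref) for ref in scan_blob(doc_bytes)]
    findings = []
    with zipfile.ZipFile(stream) as zf:
        for info in zf.infolist():
            # OOXML keeps embedded OLE objects under <app>/embeddings/.
            if "/embeddings/" in info.filename and info.file_size <= MAX_MEMBER:
                findings += [(info.filename, r) for r in scan_blob(zf.read(info))]
    return findings

def build_sample(wide):
    """Constructed input: a zip holding one fake embedded object (not real OLE)."""
    ref = r"\\192.0.2.10\share\example.inf"  # constructed, TEST-NET-1 address
    payload = ref.encode("utf-16-le" if wide else "ascii")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("ppt/presentation.xml", "<p/>")
        zf.writestr("ppt/embeddings/oleObject1.bin", b"\x00\x01junk" + payload + b"\x00\x00tail")
    return buf.getvalue()

if __name__ == "__main__":
    for wide in (False, True):
        print(find_remote_inf_refs(build_sample(wide)))
```

A hit is a reason to quarantine the file and inspect it further, not proof of exploitation, and an empty result does not clear a file whose embedded objects are compressed or encoded.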
For more than a month, iSIGHT and Microsoft coordinated to track the use of the exploit “in the wild” and develop a patch to protect against it. The two companies elected to withhold details of the vulnerability until the patch was finished to prevent other criminal hackers from taking advantage of the security flaw. “Should we have witnessed a major change, both Microsoft and iSIGHT Partners were ready to release this information in advance of the patch,” iSIGHT said.
According to the researchers, use of the Windows exploit increased as fighting intensified in Eastern Ukraine. Multiple organizations in Ukraine were attacked along with the NATO alliance and an unnamed Polish energy firm. A French telecommunications firm was also targeted by the same group, iSIGHT said, using a malicious program called Black Energy, which has been used in the past to launch distributed denial-of-service (DDoS) attacks and steal sensitive financial information.
“Though we have not observed details on what data was exfiltrated in this campaign,” iSIGHT said, “the use of this zero-day vulnerability virtually guarantees that all of those entities targeted fell victim to some degree.”
Photo via Herr Olsen/Flickr (CC BY 2.0)
Dell Cameron was a reporter at the Daily Dot who covered security and politics. In 2015, he revealed the existence of an American hacker on the U.S. government's terrorist watchlist. He is a co-author of the Sabu Files, an award-nominated investigation into the FBI's use of cyber-informants. He became a staff writer at Gizmodo in 2017.