Cyber-security company iSIGHT has revealed the details of a Russian cyber-espionage campaign conducted against NATO countries over the last year. The attacks used a zero-day exploit affecting all supported versions of Windows, as well as Windows Server 2008 and 2012. Microsoft is aware of the vulnerability and is currently working on a patch.
The group behind the attacks, currently being called ‘Sandworm’ for its multiple references to Frank Herbert’s Dune, appears to be pursuing NATO targets in relation to the Ukraine situation that has been developing since Russia’s annexation of the Crimea region in March 2014. Multiple targets were affected, including Ukrainian government organisations, European telecommunications companies, Polish energy sector firms, and American educational institutions.
It is currently unknown what the attackers were looking for, and there is no indication of what kind of information was stolen in the breaches. However, iSIGHT notes that it tracked a dedicated spear phishing campaign against the Ukrainian government and American institutions at the same time as the NATO summit on the situation in eastern Ukraine.
Vulnerable operating systems include Windows 7 and 8.1, although curiously Windows XP is unaffected by the zero-day exploit, despite no longer receiving support from Microsoft.
News about Russian cyber-attacks is rare, as most recent incidents have been attributed to Chinese and North Korean hackers. Details of this attack provide insight into Russian cyber-warfare capabilities and methods of attack. This is not the first time Russia has experimented with cyber-attacks, as the country had previously used the strategy to disrupt government communications in Georgia before launching an offensive in 2008.