http://arstechnica.com/security/2014/10/suspected-russian-sandworm-cyber-spies-targeted-nato-ukraine/
By Robert Lemos
Ars Technica
Oct 13, 2014

A group of cyber spies targeted the North Atlantic Treaty Organization
(NATO), Ukrainian and Polish government agencies, and a variety of
sensitive European industries over the last year, in some cases using a
previously unknown flaw in Windows systems to infiltrate targets,
according to a research report released on Tuesday.

Dubbed "Sandworm" by iSIGHT Partners, the security consultancy that
discovered the zero-day attack, the campaign is suspected to be Russian in
origin based on technical details, the malware tools used, and the chosen
targets, which also included government agencies in Europe and academics
in the United States. If confirmed, the attack is an uncommon look into
Russia's cyber-espionage capabilities.

"We can confirm that NATO was hit; we know from several sources that
multiple organizations in the Ukraine were targeted," said John Hultquist,
senior manager of cyber-espionage threat intelligence for iSIGHT. "We have
seen them using Ukrainian infrastructure as part of their attacks."

The Sandworm Team, named because its members include references from Frank
Herbert's Dune series in their code, also used a previously unknown
software flaw, or 0day vulnerability, to compromise some targets. Using
the security hole, the Sandworm group could execute their attacks on
systems running up-to-date versions of Windows 7, Windows 8 and Windows
RT. Microsoft plans to release a patch for the flaw during its regular
updates on Tuesday.
[...]