Hackers have exploited a previously unknown vulnerability in Microsoft Windows to spy on Nato and the EU

Windows flaw used by hackers to spy on Nato

Russian hackers have spied on Nato, the EU, Ukraine and several energy and telecommunications companies through a security flaw in Microsoft Windows.

According to cyber security firm iSight Partners, the espionage campaign, dubbed operation Sandworm Team, has been going on for the past five years, likely seeking information related to the crisis in Ukraine as well as confidential diplomatic data.

The cyber-attack was carried out via targeted phishing emails that infected computers with malicious software, and it employed a very sophisticated and previously unknown method capable of bypassing virtually all known forms of security protection.

The vulnerability enabling the attack could be found in most versions of Windows, iSight said, adding that the hackers only started exploiting the bug in August this year.

The Dallas-based cyber security consultancy alerted Microsoft to the issue before disclosing details about the vulnerability, to allow the software maker to issue a patch.

A Microsoft spokesman said the company plans to roll out an automatic update to affected versions of Windows on Tuesday.

iSight said it believes the attackers were from Russia because of language clues identified in the software code. The likely connection to the Russian government was suggested by the choice of targets.

"Your targets almost certainly have to do with your interests. We see strong ties to Russian origins here," said John Hultquist, head of iSight's cyber espionage practice.

While technical indicators do not show whether the hackers have ties to the Russian government, Hultquist said he believed they were supported by a nation state because they were engaging in espionage, not cyber crime.

There was no immediate comment from the Russian government, Nato, the EU or the Ukrainian government.

In December 2013, Nato was targeted with a malicious document on European diplomacy. Several regional governments in Ukraine and an academic working on Russian issues in the US were sent tainted emails that claimed to contain a list of pro-Russian extremist activities, according to iSight.

The firm said its researchers uncovered evidence that some Ukrainian government computer systems were infected, but they were unable to remotely confirm specific victims among those systems that had been targeted.

The iSight research is the latest in a series of private sector security reports that link Moscow to some of the most sophisticated cyber espionage uncovered to date.

Russia's Kaspersky Lab in August released details on a campaign that attacked two spy agencies and hundreds of government and military targets across Europe and the Middle East.
