Microsoft blames Russia for cyber-attacks exploiting Windows security flaw
Microsoft has accused a hacking group with links to the Russian government of a series of recent cyber-attacks that exploited a newly discovered security flaw in its Windows operating system.
It said there had been a small number of attacks using ‘spear phishing’ emails from a hacking group it calls Strontium, more widely known as ‘Fancy Bear’ or APT 28. Microsoft did not identify any victims.
The group has also been recently blamed for a series of hacks on US political targets, including the Democratic Party, which saw a batch of confidential emails released on Wikileaks.
Washington itself blamed Moscow for the attacks, which it said were an attempt to disrupt and discredit the election, although Russia has denied the accusations.
The emails showed staffers for the Democratic National Convention deriding the campaign of Bernie Sanders, who was fighting for the Democratic nomination at the time, in favour of eventual winner Hillary Clinton.
Microsoft said a patch to protect Windows users against the newly discovered threat will be released on 8 November, which is Election Day. It was not clear whether the Windows vulnerability had been used in any of the recent US political hacks.
A US intelligence expert on Russian cyber activity said that Fancy Bear primarily works for or on behalf of Russia’s military intelligence agency.
In spear phishing, an attacker sends targeted messages, typically via email, that exploit known information to trick victims into clicking on malicious links or opening tainted attachments.
Microsoft said the attacks exploited a vulnerability in Adobe’s Flash software and one in the Windows operating system.
Adobe released a patch for that vulnerability on Monday, when security researchers with Google went public with details on the attack.
Microsoft chided rival Google for going public with details of the vulnerabilities before it had time to prepare and test a patch to fix them.
“Google’s decision to disclose these vulnerabilities before patches are broadly available and tested is disappointing, and puts customers at increased risk,” Microsoft said.
A Google representative declined to comment on Microsoft’s statement.
Google disclosed the flaw on Monday, following its standing policy of going public seven days after discovering “critical vulnerabilities” that are being actively exploited by hackers.
The search giant normally gives software companies 60 days to patch less serious bugs.