Russian hackers target NATO, Ukraine and others

Russian hackers exploited a bug in Microsoft Windows and other software to spy on computers used by NATO, the European Union, Ukraine and companies in the energy and telecommunications sectors, according to cyber intelligence firm iSight Partners.

ISight said it did not know what data had been found by the hackers, though it suspected they were seeking information on the Ukraine crisis, as well as diplomatic, energy and telecom issues, based on the targets and the contents of phishing emails used to infect computers with tainted files.

The five-year cyber espionage campaign is still going on, according to iSight, which dubbed the operation “Sandworm Team” because it found references to the “Dune” science fiction series in the software code used by the hackers.

The operation used a variety of ways to attack the targets over the years, iSight said, adding that the hackers began only in August to exploit a vulnerability found in most versions of Windows.

ISight said it told Microsoft Corp about the bug and held off on disclosing the problem so the software maker had time to fix it.

A Microsoft spokesman said the company plans to roll out an automatic update to affected versions of Windows on Tuesday.

There was no immediate comment from the Russian government, NATO, the EU or the Ukraine government.

Researchers with Dallas-based iSight said they believed the hackers are Russian because of language clues in the software code and because of their choice of targets.

“Your targets almost certainly have to do with your interests. We see strong ties to Russian origins here,” said John Hultquist, head of iSight’s cyber espionage practice. The firm plans to release a 16-page report on Sandworm Team to its clients on Tuesday.

While technical indicators do not indicate whether the hackers have ties to the Russian government, Hultquist said he believed they were supported by a nation state because they were engaging in espionage, not cyber crime.

For example, in December 2013, NATO was targeted with a malicious document on European diplomacy. Several regional governments in the Ukraine and an academic working on Russian issues in the United States were sent tainted emails that claimed to contain a list of pro-Russian extremist activities, according to iSight.

The firm said its researchers uncovered evidence that some Ukrainian government computer systems were infected, but they were unable to remotely confirm specific victims among those systems that had been targeted.

Still, researchers believe a large percentage of those targeted systems were infected because the malicious software used was very sophisticated, using a previously unknown attack method that enabled it to get past virtually all known security protections, said Drew Robinson, a senior technical analyst with iSight Partners.

ISight said it had alerted some victims of Sandworm Team, but declined to elaborate.

The iSight research is the latest in a series of private sector security reports that link Moscow to some of the most sophisticated cyber espionage uncovered to date.

Russia’s Kaspersky Lab in August released details on a campaign that attacked two spy agencies and hundreds of government and military targets across Europe and the Middle East.


4 Comments on Russian hackers target NATO, Ukraine and others

  1. the idea of the password is obsolete and has been. passwords are hard to manage given the numerous sites that require them and the need to constantly change them. To be honest, the fact that too many websites are lax with their security or sell our personal information to entities that may be lax with our information as well as government agencies deliberately inserting or taking advantage of security holes, it’s a wonder that people are still using the internet. I don’t even think biometric security would be safe due to spoofing. Personally, I think a pro-active stance should be taken against these hackers. call them economic terrorists and let the CIA get over zealous on them.

  2. What…”password” isn’t a secure password?

  3. how do we know you’re really earl Shelton? how do we know you’re not Mel Torme?

  4. What these cyber thieves are after is access to financial accounts. They should be stopped dead in their tracks by all financial sites or sites that have access to your financial information by adopting a two step verification process. Gathering passwords won’t be enough to compromise security, if they need an ephemeral identifier to actually gain access. The beauty of that identifier is that no one is expected to remember it, since it is only good for a matter of seconds or minutes. Paypal uses a special security key or your mobile phone to transmit the code. Google uses your mobile phone to transmit a text message. They can also call your mobile or landline to give you the code. Without access to your communication devices, a cyber criminal would have to cycle through every possible combination in mere seconds before the code will be reset.

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: