The wrath of a fighting nation: Using Windows vulnerabilities to counterattack the United States


Russian hackers are exploiting vulnerabilities in Microsoft's Windows system to conduct espionage against European and American governments, NATO, and the Ukrainian government, according to a report released on Tuesday by Dallas information security company iSight Partners.

The report said Russian hackers also targeted companies in Europe's energy and telecommunications sectors, as well as some undisclosed academic institutions in the United States.

It is not clear what information was compromised as a result of the hack, but iSight said the targets were related to the standoff between Russia and the West over Ukraine. Those targets included a NATO summit in Wales in early September. Russian hackers targeted the Ukrainian government, as well as at least one U.S. agency.

The illegal activities began in early 2009 and used a variety of techniques to obtain confidential information, but iSight said it was not until late summer this year that the Russian hackers began exploiting so-called "zero-day vulnerabilities" in Windows that were previously unknown to the outside world.

The vulnerability affects multiple versions of Windows, from Windows Vista to Windows 8.1, but Microsoft is expected to release an update to fix the vulnerability soon.

Despite measures taken by Microsoft to try to prevent such attacks, iSight said that hackers can almost always gain access to targets by exploiting Microsoft vulnerabilities and other illegal means. "Such zero-day vulnerabilities result in all targets being compromised to some extent," the report said.

Although the vulnerability affects multiple versions of Windows, iSight said the Russian hackers appear to be the only group exploiting it, though it added that other companies and organizations may have been hit.

Representatives for Microsoft and the Russian government have yet to comment.

The hack is the latest in a series of attacks around the world that have affected individuals, governments and businesses. Many of the attacks have originated in Russia and other Eastern European countries, but the hackers' goals are often different.

Last year, for example, hackers from Eastern Europe gained access to up to 110 million pieces of customer data from U.S. retailer Target, and in August, information security researchers discovered that a separate Russian criminal group had stolen a trove of online information, including about 1.2 billion usernames and passwords and more than 500 million email addresses.

This month, JPMorgan Chase suffered another information security attack, which experts believe came from Russia and which exposed about 76 million household accounts and 7 million small business accounts.

iSight said it called the recently discovered Russian hackers "Sandworm" because they used codes related to the science fiction novel "Dune" in their attacks.

iSight said the group often uses phishing techniques in attacks against Western government and business targets. This involves sending emails with document attachments to potential targets; when an attachment is opened, the attackers can take control of the computer. Many of these emails concern the conflict in Ukraine and other issues related to Russia.
