Russian hackers exploit Windows vulnerability to conduct espionage

Russian hackers are exploiting vulnerabilities in Microsoft's Windows system to conduct espionage against European and American governments, NATO, and the Ukrainian government, according to a report released Tuesday by Dallas-based information security firm iSight Partners.

The report said Russian hackers also targeted companies in Europe's energy and telecommunications sectors, as well as some undisclosed academic institutions in the United States.

It is not clear what information was compromised as a result of the hack, but iSight said the targets were related to the standoff between Russia and the West over Ukraine. Those targets included a NATO summit in Wales in early September. Russian hackers targeted the Ukrainian government, as well as at least one U.S. agency.

The illegal activities began in early 2009 and used a variety of techniques to obtain confidential information, but iSight said it was not until late summer this year that the Russian hackers began exploiting so-called "zero-day vulnerabilities" in Windows that were previously unknown to the outside world.

The vulnerability affects multiple versions of Windows, from Windows Vista to Windows 8.1, but Microsoft is expected to release an update to fix the vulnerability soon.

Despite measures taken by Microsoft to try to prevent such attacks, iSight said that hackers can almost always gain access to targets by exploiting Microsoft vulnerabilities and other illegal means. "Such zero-day vulnerabilities result in all targets being compromised to some extent," the report said.

Although the vulnerability affects multiple versions of Windows, iSight said Russian hackers appear to be the only group of hackers exploiting it, though it said other companies and organizations may have been hit.

Representatives for Microsoft and the Russian government have yet to comment.

The hack is the latest in a series of attacks around the world that have affected individuals, governments and businesses. Many of the attacks have originated in Russia and other Eastern European countries, but the hackers' goals are often different.

Last year, for example, hackers from Eastern Europe gained access to up to 110 million pieces of customer data from U.S. retailer Target, and in August, information security researchers discovered that a separate Russian criminal group had stolen a trove of online information, including about 1.2 billion usernames and passwords and more than 500 million email addresses.

This month, JPMorgan Chase suffered another information security attack, which experts believe came from Russia and resulted in the exposure of about 76 million household accounts and 7 million small business accounts of JPMorgan Chase.

iSight said it called the recently discovered Russian hackers "Sandworm" because they used codes related to the science fiction novel "Dune" in their attacks.

iSight said the group often used phishing techniques in attacks against Western government and business targets. This involved sending emails with document attachments to potential targets, which, when opened, gave the attackers control of their computers. Many of these emails were related to the conflict in Ukraine and other issues related to Russia.

As a winner of Toutiao's Qingyun Plan and Baijiahao's Bai+ Plan, the 2019 Baidu Digital Author of the Year, the Baijiahao's Most Popular Author in the Technology Field, the 2019 Sogou Technology and Culture Author, and the 2021 Baijiahao Quarterly Influential Creator, he has won many awards, including the 2013 Sohu Best Industry Media Person, the 2015 China New Media Entrepreneurship Competition Beijing Third Place, the 2015 Guangmang Experience Award, the 2015 China New Media Entrepreneurship Competition Finals Third Place, and the 2018 Baidu Dynamic Annual Powerful Celebrity.