Russian Hackers Exploit Windows Flaw to Hit NATO, Ukraine
Staff Reporter | | Oct 14, 2014 08:00 PM EDT |
(Photo : Reuters)
Security company iSight announced in a blog post Tuesday that Russian hackers have exploited the CVE-2014-4114 vulnerability in the Windows operating system, allowing cyber criminals to target computers used by the European Union, NATO, Ukraine and the energy and telecommunication sectors.
Like Us on Facebook
The firm said the zero-day vulnerability impacts all supported versions of Windows Server 2008 and 2012 and Windows. Microsoft said that it is preparing to patch the vulnerability, dubbed "Sandworm."
The automatic fix will be a part of the software company's weekly release of updates, nicknamed "Patch Tuesday."
iSight said the exploit was utilized as part of a cyberespionage campaign that lasted five years. The cyber criminals, tagged the "Sandworm team," has been observed by the security firm from the latter part of 2013 to the present, although reports point out that the campaign was in progress since 2009.
One of the team's favorite technique for breaching computer systems is spear phishing with malware attached, while their other exploit methods include the use of Microsoft's Windows zero-day flaw, as well as BlackEnergy crimeware.
Since August of the previous year, the Windows CVE-2014-4114 vulnerability has been used mainly through weaponized PowerPoint documents.
Before its latest attack, iSight said the Sandworm team had launched campaigns targeting the EU and United States military establishments, defense contractors, news organizations and intelligence communities, as well as rebels and jihadists in Chechnya. Its focus, however, has turned towards the conflict between Russia and Ukraine, political issues concerning Russia and energy industries based on the evidence obtained from the phishing emails.
While the computer security experts are not sure what information has been obtained throughout the Sandworm campaign, "the use of this zero-day vulnerability virtually guarantees that all of those entities targeted fell victim to some degree."
TagsiSight, Sandworm, CVE-2014-4114, Patch Tuesday, Sandworm Team, Russian hackers, European Union, Chechnya, Ukraine, Russia, internet security, Data breach
©2015 Chinatopix All rights reserved. Do not reproduce without permission
EDITOR'S PICKS
-
Did the Trump administration just announce plans for a trade war with ‘hostile’ China and Russia?
-
US Senate passes Taiwan travel bill slammed by China
-
As Yan Sihong’s family grieves, here are other Chinese students who went missing abroad. Some have never been found
-
Beijing blasts Western critics who ‘smear China’ with the term sharp power
-
China Envoy Seeks to Defuse Tensions With U.S. as a Trade War Brews
-
Singapore's Deputy PM Provides Bitcoin Vote of Confidence Amid China's Blanket Bans
-
China warns investors over risks in overseas virtual currency trading
-
Chinese government most trustworthy: survey
-
Kashima Antlers On Course For Back-To-Back Titles
MOST POPULAR
LATEST NEWS
Zhou Yongkang: China's Former Security Chief Sentenced to Life in Prison
China's former Chief of the Ministry of Public Security, Zhou Yongkang, has been given a life sentence after he was found guilty of abusing his office, bribery and deliberately ... Full Article
TRENDING STORY
-
China Pork Prices Expected to Stabilize As The Supplies Recover
-
Elephone P9000 Smartphone is now on Sale on Amazon India
-
There's a Big Chance Cliffhangers Won't Still Be Resolved When Grey's Anatomy Season 13 Returns
-
Supreme Court Ruled on Samsung vs Apple Dispute for Patent Infringement
-
Microsoft Surface Pro 5 Rumors and Release Date: What is the Latest?