Russian Spies Tap Zero-Day Flaw in Microsoft Software

A just-announced zero-day flaw in Microsoft products is opening the door to a Russian cyber-espionage campaign. So far, the campaign has targeted NATO, the European Union, European telecommunications companies, energy firms in Poland, and a U.S. academic organization, according to cyber threat intelligence firm iSight Partners.

The firm on Tuesday announced a critical vulnerability impacting all supported versions of Microsoft Windows and Windows Server 2008 and 2012. With responsible disclosure in mind, iSight worked in close collaboration with Microsoft to disclose the flaw.

IT admins should look for CVE-2014-4114 to patch the issue, which iSight discovered in the wild in connection with a nefarious effort apparently tied to Russian criminals they have dubbed the Sandworm Team. iSight is calling the criminals "Sandworm" based on the group's use of encoded references to the classic science fiction series Dune in command and control URLs and malware samples it has discovered.

Spear-Phishing Attacks ID'd

"In late August, while tracking the Sandworm Team, iSight discovered a spear-phishing campaign targeting the Ukrainian government and at least one United States organization," iSight said in a blog post. "Notably, these spear-phishing attacks coincided with the NATO summit on Ukraine held in Wales."

Fast forward to December and the firm's research and labs teams discovered that the spear-phishing attacks relied on the exploitation of a zero-day vulnerability impacting all supported versions of Microsoft Windows -- except XP -- and Windows Server 2008 and 2012. iSight observed a weaponized PowerPoint document used in the attacks. The firm said the use of this zero-day vulnerability "virtually guarantees" that all of those entities were victimized to some degree.

What caused the flaw? Working with Microsoft, iSight discovered that a dangerous method vulnerability exists in the OLE (object linking and embedding) package manager in the software. When exploited, the vulnerability allows an attacker to remotely execute arbitrary code. The...
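Since the article ties the flaw to a weaponized PowerPoint document and the OLE package manager, a defender triaging a suspicious .pptx wants a quick way to see whether it carries embedded OLE storage or relationships that point outside the package. The script below is an added example, not code from iSight, Microsoft or the article: it treats a .pptx as the zip-of-XML-parts it is, lists any part under ppt/embeddings/ (checking for the OLE compound-file magic bytes) and any relationship marked TargetMode="External". The sample documents it builds in memory, including the placeholder external target, are constructed for the demonstration. This is a generic triage heuristic for modern OOXML files, not a signature for CVE-2014-4114, and it does not inspect the legacy binary .ppt format.

```python
import io
import zipfile
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field

# First 8 bytes of an OLE compound file (the container used for OLE Package objects).
CFB_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
OLE_REL_TYPE = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/oleObject"


@dataclass
class TriageReport:
    # (part name, looks like an OLE compound file) for every embedded object part
    embedded_ole: list = field(default_factory=list)
    # (rels part, relationship type, target) for every external relationship
    external_rels: list = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        # Either finding is worth a closer look before the file is opened.
        return bool(self.embedded_ole or self.external_rels)


def triage_pptx(data: bytes) -> TriageReport:
    """Inspect a .pptx (OOXML zip) for embedded OLE objects and external links."""
    report = TriageReport()
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            if name.startswith("ppt/embeddings/"):
                head = zf.read(name)[:8]
                report.embedded_ole.append((name, head == CFB_MAGIC))
            elif name.endswith(".rels"):
                root = ET.fromstring(zf.read(name))
                for rel in root.iter(f"{{{REL_NS}}}Relationship"):
                    if rel.get("TargetMode", "Internal").lower() == "external":
                        rel_type = rel.get("Type", "").rsplit("/", 1)[-1]
                        report.external_rels.append((name, rel_type, rel.get("Target", "")))
    return report


def build_sample(with_ole: bool, with_external: bool) -> bytes:
    """Build a minimal, constructed .pptx-shaped zip for testing the triage logic."""
    rels = []
    if with_ole:
        rels.append(f'<Relationship Id="rId1" Type="{OLE_REL_TYPE}" '
                    'Target="../embeddings/oleObject1.bin"/>')
    if with_external:
        # Placeholder external target; a real file would carry whatever the author linked.
        rels.append(f'<Relationship Id="rId2" Type="{OLE_REL_TYPE}" '
                    'Target="file:///EXAMPLE/linked-object.bin" TargetMode="External"/>')
    slide_rels = (f'<Relationships xmlns="{REL_NS}">' + "".join(rels) + "</Relationships>")

    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("_rels/.rels", f'<Relationships xmlns="{REL_NS}"/>')
        zf.writestr("ppt/slides/slide1.xml", "<p:sld/>")
        zf.writestr("ppt/slides/_rels/slide1.xml.rels", slide_rels)
        if with_ole:
            # Fake OLE storage: correct magic, then padding (not a real object).
            zf.writestr("ppt/embeddings/oleObject1.bin", CFB_MAGIC + b"\x00" * 504)
    return buf.getvalue()


if __name__ == "__main__":
    for flags in ((False, False), (True, False), (True, True)):
        report = triage_pptx(build_sample(*flags))
        print(f"sample {flags}: suspicious={report.suspicious}")
        for part, is_cfb in report.embedded_ole:
            print(f"  embedded object {part} (OLE compound file: {is_cfb})")
        for part, rel_type, target in report.external_rels:
            print(f"  external {rel_type} in {part} -> {target}")
```

In practice the report is a triage signal, not a verdict: many legitimate decks embed spreadsheets or charts as OLE objects, so the value is in surfacing which files deserve sandbox detonation or analyst attention before a user opens them.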
