Information Security News mailing list archives

Suspected Russian "Sandworm" cyber spies targeted NATO, Ukraine


From: InfoSec News <alerts () infosecnews org>
Date: Tue, 14 Oct 2014 08:40:41 +0000 (UTC)

http://arstechnica.com/security/2014/10/suspected-russian-sandworm-cyber-spies-targeted-nato-ukraine/

By Robert Lemos
Ars Technica
Oct 13, 2014

A group of cyber spies targeted the North Atlantic Treaty Organization (NATO), Ukrainian and Polish government agencies, and a variety of sensitive European industries over the last year, in some cases using a previously unknown flaw in Windows systems to infiltrate targets, according to a research report released on Tuesday.

Dubbed "Sandworm" by iSIGHT Partners, the security consultancy that discovered the zero-day attack, the campaign is suspected to be Russian in origin based on technical details, the malware tools used, and the chosen targets, which also included government agencies in Europe and academics in the United States. If confirmed, the attack is an uncommon look into Russia's cyber-espionage capabilities.

"We can confirm that NATO was hit; we know from several sources that multiple organizations in the Ukraine were targeted," John Hultquist, senior manager of cyber-espionage threat intelligence for iSIGHT, said. "We have seen them using Ukrainian infrastructure as part of their attacks."

The Sandworm Team, named because its members include references from Frank Herbert's Dune series in their code, also used a previously unknown software flaw, or 0day vulnerability, to compromise some targets. Using the security hole, the Sandworm group could execute their attacks on systems running up-to-date versions of Windows 7, Windows 8 and Windows RT. Microsoft plans to release a patch for the flaw during its regular updates on Tuesday.

[...]


