{"id":6649,"date":"2014-10-16T10:00:26","date_gmt":"2014-10-16T14:00:26","guid":{"rendered":"http:\/\/blog.nccomputertech.com\/?p=6649"},"modified":"2014-10-16T10:00:26","modified_gmt":"2014-10-16T14:00:26","slug":"security-firm-discovers-windows-zero-day-claims-russian-hackers-used-it-to-target-nato-ukraine","status":"publish","type":"post","link":"https:\/\/nccomputertech.com\/techtalk\/2014\/10\/16\/security-firm-discovers-windows-zero-day-claims-russian-hackers-used-it-to-target-nato-ukraine\/","title":{"rendered":"Security firm discovers Windows zero-day, claims Russian hackers used it to target NATO, Ukraine"},"content":{"rendered":"<p style=\"text-align:center;\"><a href=\"http:\/\/www.techspot.com\/news\/58426-security-firm-discovers-windows-zero-day-claims-russian.html\"><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/nccomputertech.com\/techtalk\/wp-content\/uploads\/2014\/10\/2014-06-11.jpg\" alt=\"\" \/><\/a><\/p>\n<p>A Russian hacking group has been exploiting a security flaw in Microsoft Windows to spy on NATO, the Ukrainian government, the European Union, an American academic organization, and companies in the telecommunications and energy sectors, according to cyber intelligence firm iSight Partners.<\/p>\n<p>The group, which has been active since at least 2009, prefers spear-phishing with malicious document attachments to target victims. The firm has internally dubbed the hacking group \u201cSandworm Team\u201d after it found references to the science-fiction series \u201cDune\u201d in the group\u2019s software code.<\/p>\n<p>Citing the choice of targets as well as language clues embedded in the code, the company says it believes the hackers are Russians and are probably working for the government. 
The company also notes that there is no indication this is the same group that launched a massive cyberattack on at least five US banks, including JP Morgan Chase, in August this year.<\/p>\n<p>iSight, which has been monitoring the Sandworm Team\u2019s activities since late 2013, said it has evidence that some Ukrainian government computer systems were infected, but the company doesn&#8217;t have details on what data was exfiltrated in this campaign.<\/p>\n<p>As for the Windows vulnerability, the security firm says it impacts all supported versions of Microsoft Windows (except Windows XP) and Windows Server 2008 and 2012. This is quite ironic, considering Microsoft said last year that &#8220;Windows XP is 21 times more likely to be infected than Windows 8&#8221;.<\/p>\n<p>iSight discovered the bug last month and has already shared it with Microsoft, which plans to release a patch for the vulnerability today as part of its Patch Tuesday release. The security firm also plans to release a detailed report on the hacking incident to its clients today.<\/p>\n<p>via <a href=\"http:\/\/www.techspot.com\/news\/58426-security-firm-discovers-windows-zero-day-claims-russian.html\" target=\"_blank\">Security firm discovers Windows zero-day, claims Russian hackers used it to target NATO, Ukraine &#8211; TechSpot<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A Russian hacking group has been exploiting a security flaw in Microsoft Windows to spy on NATO, the Ukrainian government, 
[&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_feature_clip_id":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"jetpack_post_was_ever_published":false},"categories":[7,9],"tags":[455,921],"class_list":["post-6649","post","type-post","status-publish","format-standard","hentry","category-security","category-software","tag-hacking","tag-russia"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/papNkV-1Jf","jetpack-related-posts":[{"id":7030,"url":"https:\/\/nccomputertech.com\/techtalk\/2014\/12\/05\/iranian-hackers-have-been-targeting-critical-infrastructure-for-the-last-two-years-says-report\/","url_meta":{"origin":6649,"position":0},"title":"Iranian hackers have been targeting critical infrastructure for the last two years, says report","author":"NCCT","date":"December 5, 2014","format":false,"excerpt":"For the past two years, a Tehran, Iran-based hacker group has breached the computer networks of around 50 of the world's top energy, transport, and infrastructure companies, including 10 US-based firms According to cyber security firm Cylance, the campaign dubbed Operation Cleaver has so far only focused on intelligence gathering,\u2026","rel":"","context":"In 
&quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":8738,"url":"https:\/\/nccomputertech.com\/techtalk\/2015\/11\/09\/surprise-adobes-flash-is-a-favorite-hacking-target-by-far\/","url_meta":{"origin":6649,"position":1},"title":"Surprise: Adobe&#8217;s Flash is a favorite hacking target by far","author":"NCCT","date":"November 9, 2015","format":false,"excerpt":"Jeremy Kirk | PCWorld Adobe Systems\u2019 Flash plugin gets no love from anyone in the security field these days. A new study released Monday shows just how much it is favored by cybercriminals to sneak their malware onto computers.It looked at more than 100 exploit kits, which are frameworks planted\u2026","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":8293,"url":"https:\/\/nccomputertech.com\/techtalk\/2015\/05\/15\/uk-spy-agency-says-to-hackers-come-work-for-us\/","url_meta":{"origin":6649,"position":2},"title":"UK spy agency says to hackers: Come work for us","author":"NCCT","date":"May 15, 2015","format":false,"excerpt":"The UK government surveillance agency GCHQ needs more hackers. The normally secretive agency has taken the unusual step of posting a job advert - and a press release - about its hunt for IT security staff. 
It's the first time GCHQ has openly recruited for what it describes as 'computer\u2026","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":6848,"url":"https:\/\/nccomputertech.com\/techtalk\/2014\/11\/14\/chinese-hackers-suspected-in-usps-breach-data-on-every-employee-compromised\/","url_meta":{"origin":6649,"position":3},"title":"Chinese hackers suspected in USPS breach, data on every employee compromised","author":"NCCT","date":"November 14, 2014","format":false,"excerpt":"The FBI is investigating a data breach at the U.S. Postal Service in which employees\u2019 personal data may have been compromised. Every person on staff with the Postal Service, from the Postmaster General down to letter carriers, was exposed according to a report from the Washington Post. Sources familiar with\u2026","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":9289,"url":"https:\/\/nccomputertech.com\/techtalk\/2018\/01\/12\/updates-for-spectre-and-meltdown\/","url_meta":{"origin":6649,"position":4},"title":"Updates for Spectre and Meltdown","author":"NCCT","date":"January 12, 2018","format":false,"excerpt":"https:\/\/youtu.be\/ZWjhs-xIl24 Jason Howell and Megan Morrone talk to Ed Bott from the Ed Bott Report on ZDNet about what every Windows Admin needs to know about Spectre and Meltdown and four steps to keeping a level head during this vulnerability and the next. 
Plus, what might have happened if the\u2026","rel":"","context":"In &quot;Hardware&quot;","block_context":{"text":"Hardware","link":"https:\/\/nccomputertech.com\/techtalk\/category\/hardware\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/ZWjhs-xIl24\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":7685,"url":"https:\/\/nccomputertech.com\/techtalk\/2015\/02\/27\/hackers-impersonating-it-staff-popular-tactic-in-data-breaches-fireeye-finds\/","url_meta":{"origin":6649,"position":5},"title":"Hackers impersonating IT staff popular tactic in data breaches, FireEye finds","author":"NCCT","date":"February 27, 2015","format":false,"excerpt":"Fresh FireEye research suggests that today's cyberattackers are becoming smarter about the systems they seek to break, and are commonly using impersonation and social engineering to tap into the most common weakness in the security chain -- employees. Within FireEye's sixth annual M-trends report, which tracks the threat landscape and\u2026","rel":"","context":"In 
&quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"_links":{"self":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/6649","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/comments?post=6649"}],"version-history":[{"count":0,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/6649\/revisions"}],"wp:attachment":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/media?parent=6649"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/categories?post=6649"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/tags?post=6649"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}