Sandworm team uses Microsoft bug

For the last five years, Russian hackers have conducted a single operation to spy on computers used by NATO, the European Union, Ukraine and companies in the energy and telecommunications sectors.

Cyber intelligence firm iSight said it did not know what data had been found by the hackers, though it suspected they were seeking information on the Ukraine crisis, as well as diplomatic, energy and telecom issues.

According to iSight, which dubbed the operation “Sandworm Team” because it found references to “Dune” in the software code used by the hackers, the operation used a variety of ways to attack the targets over the years.

Things have become worse since August, when the Sandworm Team found a hole of their own in most versions of Windows to exploit.

iSight said it told Microsoft about the bug and held off on disclosing the problem so the software maker had time to fix it.

A spokesVole said the company plans to roll out an automatic update to affected versions of Windows today.

iSight said it believed the hackers are Russian because of language clues in the software code and because of their choice of targets.

Hulquist said the hackers were supported by a nation state because they were engaging in espionage, not cybercrime.

For example, in December 2013, NATO was targeted with a malicious document on European diplomacy. Several regional governments in Ukraine and an academic working on Russian issues in the United States were sent tainted emails that claimed to contain a list of pro-Russian extremist activities.

Hulquist said its researchers had uncovered evidence that some Ukrainian government computers were infected, but they were unable to confirm specific victims among those systems that had been targeted.

The iSight research is the latest in a series of private sector security reports that link Moscow to some of the most sophisticated cyber espionage uncovered to date.