According to cybersecurity company iSight, a team of Russian hackers spied on computers used by NATO, the EU, Ukraine, telecom and energy companies, as well as one used by an American academic. iSight decided to call the group “Sandworm Team”, as references to the science-fiction novel “Dune” were found in the code.
The US cybersecurity firm concluded that the hackers are of Russian origin based on language clues found in the software code, as well as on the targets they chose. Moreover, finding a bug in Windows requires considerable time and money, so a government is the more likely sponsor of the effort. iSight has in fact followed the group’s activity since late 2013 and noticed that it was targeting organizations such as NATO, Western European governments and Polish energy companies.
While the group has been active for a number of years, only in August did it begin exploiting a bug in Microsoft Windows. The cybersecurity firm notified Microsoft of its findings and waited for the company to release a patch before making a public announcement.
“This is consistent with espionage activity,” said iSight Senior Director Stephen Ward. “All indicators from a targeting and lures perspective would indicate espionage with Russian national interests.”
Microsoft made a patch available on Tuesday, but until users decide to update their operating systems, their computers will remain vulnerable to attacks.
Sandworm Team has been active since 2009, and US intelligence officials believe that it works for the Russian government. As crucial activities move online, including strategic operations, governments are strengthening their online forces. The Russian government is believed to control hacker groups as powerful as those of the US and Israel, the Washington Post notes.
While computers running Windows Vista, 7, 8 and 8.1 are vulnerable to attacks, ironically, Windows XP is not. The vulnerability is a so-called ‘zero-day’, a flaw for which no patch existed when it was discovered in August, Ward said. How exactly did they do it? By simply using malicious PowerPoint documents. The technique employed in the late-August attacks is called spearphishing. Sandworm hackers sent emails that purported to contain information on global security to participants at a NATO summit in Wales. As participants gathered to talk about the recent Russian interference in Ukraine, the malicious software was successfully installed on many computers. Moreover, iSight notes, Sandworm used malware made famous by other hackers as a way of disguising its identity.