Russian Interest in Ukraine Now Includes Cyber Warfare

A hacker group in Russia exploited a security flaw in Microsoft Windows software to spy on NATO, the Ukraine, and a number of other targets, according to a report this week from a Texas cybersecurity firm.

In this Tuesday, Jan. 17, 2012, file photo, attendees at the National Retail Federation visit a Microsoft display in New York. Microsoft Corp. said Monday, June 18, 2012, it will make a "major" announcement after the market closes on Monday. Speculation has ranged from an unveiling of a new tablet computer that uses low-power chips to a new system that will use an upcoming version of Windows to (AP Photo/Mark Lennihan, File)

A hacker group in Russia exploited a security flaw in Microsoft Windows software to spy on NATO, the Ukraine, and a number of other targets, according to a report this week from a Texas cybersecurity firm.

The hackers also launched attacks on a French telecommunications firm, a Polish energy firm, an unknown Western European government, and an unknown academic organization in the U.S., according to a report from iSIGHT Partners in Dallas. iSIGHT began monitoring the group in late 2013, dubbing it “Sandworm Team” after discovering references in its code to the Dune series of science fiction novels. But iSIGHT says the group appears to have started nearly five years ago.

The hackers prefer to target victims by sending them tailor-made malicious documents, which infect the victim’s computer when opened — a surgical approach known as a “spear-phishing attack.” At least some such attacks by Sandworm Team exploited a previously unknown security vulnerability in Windows’s “Object Linking and Embedding” framework, which allows one type of file to be embedded in another type of file, for example to place a spreadsheet inside a word processing document. The vulnerability in OLE allowed the hackers to send emails to targets with tainted PowerPoint documents attached that could lead to instant spying if clicked.

Interests in Ukraine, where Russia has annexed the Crimean peninsula and supported pro-Russian separatists, appear to have been a major target of the hack attacks.

“Many of the lures observed have been specific to the Ukrainian conflict with Russia and to broader geopolitical issues related to Russia,” iSIGHT’s report said, adding that a number of other attacks, including the attack on the U.S. academic organization, clustered around a NATO summit on Ukraine held in Wales.

iSightPartners said it immediately worked with Microsoft to minimize any future exploitation.  Microsoft already released an update to fix the security flaw on Tuesday after the report, albeit after the hackers were able to gain access to their intended targets’ computers.

Still, iSIGHT noted that some of the attacks, including attacks on NATO, relied on techniques other than the Microsoft OLE vulnerability.

Photo: Mark Lennihan/AP

Join The Conversation