This zero-day attack apparently gave the attackers access to all versions of Windows from Vista onwards.

Team Sandworm

This security loophole was uncovered by cyber-intelligence firm iSight Partners.

The espionage campaign has been under way since August and is still ongoing.


Microsoft will release the patch for this vulnerability along with its other patches today.

The Attack

Sandworm targeted machines using a malicious PowerPoint presentation.

The attack exploited a flaw in the Windows operating system itself, which is why every version from Vista onwards was affected.

Why we say this group can be linked to the Russian state

Files in Russian have also been found on the servers used by Sandworm.

In addition to this, why would this team focus on cyber espionage?

A hacker would, under normal circumstances, indulge in cyber crime for financial gain.

What good would top-secret state information do for an individual?

The only entity that can logically benefit from espionage at this level seems to be a government.

And of course, such intelligence during an ongoing war can be priceless.

They also targeted the systems of a few Ukrainian government officials using spear-phishing techniques.

BlackEnergy

According to the iSIGHT report, the group's previous activity involved the BlackEnergy malware, a toolkit known for DDoS attacks.

Moving from DDoS to cyber espionage is quite a big promotion.

F-Secure labelled the group Quedagh and informed the affected parties about the compromise.

The threat doesn't seem to be over with the release of Microsoft's patch, since the group has already shown it can move from one toolset to another.

Source: iSIGHT Partners


source: www.techworm.net