Russian Hackers Linked to New Attacks Exploiting Windows Vulnerability

By Laura Stotler November 02, 2016

Russia has repeatedly made headlines in the upcoming U.S. election, with government-sponsored hackers allegedly responsible for accessing Democratic Party emails and then publishing them through WikiLeaks and other sources. Now Microsoft has given the hacking sources additional validity, claiming a group previously linked to the Russian government and U.S. political hacks is responsible for recent attacks that exploited a newly discovered Windows security flaw.

Microsoft revealed on its website that “spear phishing” emails had been sent from the Strontium hacking group, also known as “Fancy Bear” and “APT 28.” Those emails were used to launch a small number of attacks by exploiting Windows vulnerabilities. Microsoft is releasing a patch on Election Day, November 8, to protect users against the threat.

The timing of Microsoft’s announcement, as well as the patch release on Election Day, adds yet another element of chaos into what has proven to be a historically unusual and turbulent election cycle. And much in the spirit of the impending election, rivals Microsoft and Google were at each other’s throats over the timing of the vulnerability announcement. According to Microsoft, the attacks exploit a vulnerability in Adobe’s Flash software as well as the Windows OS. Adobe released a patch for its vulnerability on Monday, and Google promptly went public with details of the attacks – well before Microsoft’s patch was prepared and available.

“Google’s decision to disclose these vulnerabilities before patches are broadly available and tested is disappointing, and puts customers at increased risk,” said Microsoft in a statement, while Google had no comment on the issue.

According to John Bambenek, threat systems manager at Fidelis Cybersecurity, a company specializing in threat detection and security, early disclosure was the right move in this scenario, and will protect more enterprises in the long run.

“There will always be a risk with acknowledging weakness,” said Bambenek. “Even releasing patches can give adversaries the very clues needed to weaponize and exploit. This was very much true with Microsoft patches years ago, which have been largely mitigated by automated patching and rebooting within 24 hours of release.”

“While we don’t have solid data to talk about how widely it is being used, we do know that this vulnerability is dangerous,” added Bambenek. “It's a local privilege escalation, which means that if a user can execute compromised code, that code could be used to run commands as the administrator and more deeply embed itself into a system. At this point, my preference is to release mitigation strategies so that enterprises can protect their users while awaiting a patch.”

The Fancy Bear hacking group has been primarily tied to GRU, Russia’s military intelligence agency. The group has been widely blamed for the recent hacks of Democratic Party databases and emails.




Edited by Alicia Young

TechZone360 Contributing Editor

SHARE THIS ARTICLE
Related Articles

Mist Applies AI to Improve Wi-Fi

By: Paula Bernier    11/9/2017

Mist has created an AI-driven wireless platform that puts the user and his or mobile device at the heart of the wireless network. Combining machine le…

Read More

International Tech Innovation Growing, Says Consumer Technology Association

By: Doug Mohney    11/8/2017

The Consumer Technology Association (CTA) is best known for the world's largest trade event, but the organization's reach is growing far beyond the CE…

Read More

Broadcom Makes Unsolicited $130B Bid for Qualcomm

By: Paula Bernier    11/6/2017

In what could result in the biggest tech deal in history, semiconductor company Broadcom has made an offer to buy Qualcomm for a whopping $130 billion…

Read More

How Google's 'Moonshot' Could Benefit Industrial Markets

By: Kayla Matthews    10/30/2017

The term "moonshot" encapsulates the spirit of technological achievement: an accomplishment so ambitious, so improbable, that it's equivalent to sendi…

Read More

After Cisco/Broadsoft, Who's Next for M&A?

By: Doug Mohney    10/27/2017

Cisco's trail of acquisition tears over the decades includes the Flip video camera, Cerent, Scientific Atlantic, Linksys, and a couple of others. The …

Read More