Microsoft Says Russian Hackers Are Targeting Windows
Microsoft said that a hacker group linked to Russia, and to recent breaches of U.S. political parties and campaigns, is using a previously unknown flaw in Windows to conduct computer network intrusions.
Google security engineers revealed the existence of the computer bug in a blog post on Monday after warning Microsoft of the finding, but before the company had issued a patch. Google said it had a responsibility "to protect users," since the vulnerability was actively being used to compromise people's systems.
Microsoft posted more details about the attacks the next day and said that it would release a patch on Nov. 8, its next scheduled monthly update day and election day in the U.S. Microsoft noted that the attackers using the flaw had been sending spear-phishing emails: targeted messages crafted to deceive specific recipients into disclosing personal information or into installing malware on their machines.
Microsoft's threat intelligence team calls the attacker group "Strontium," but many people know the group by other names, including "APT28," "Sofacy," or "Fancy Bear." Cybersecurity experts have previously linked this group to the Russian government and, more specifically, to its military intelligence agency, the GRU.
The cybersecurity firm CrowdStrike made waves earlier this year when it attributed an attack on the Democratic National Committee to the same group—an attribution that has since been backed publicly by the U.S. intelligence community.
"This attack campaign, originally identified by Google's Threat Analysis Group, used two zero-day vulnerabilities in Adobe Flash and the down-level Windows kernel to target a specific set of customers," wrote Terry Myerson, executive vice president of Windows and devices at Microsoft, analyzing the attacks. He added that the group tended to leapfrog from one compromised email account to the next, ensnaring new victims by sending booby-trapped messages to the contacts of accounts it already controlled.
Myerson added that Microsoft "has attributed more 0-day exploits to STRONTIUM than any other tracked group in 2016."
Here's how the Russia-linked hacker group worked. First, the team would gain a foothold on victims' machines by commandeering their web browsers. It would do this by exploiting a previously unknown flaw (a zero-day vulnerability) in Adobe Flash, a bug that Adobe patched in an update on Oct. 26.
Next, the group would break out of the victim's browser by exploiting the Windows kernel vulnerability, escalating its privileges (in industry parlance) from those of the browser to those of the operating system. Microsoft noted that users of its Windows 10 Anniversary Update "are known to be protected from versions of this attack observed in the wild," so a machine that is not on that release, or has not yet received the Nov. 8 patch, remains exposed to this step.
Finally, the hacker group would install a backdoor, a program that gives the attacker persistent remote control of the machine, to take over the target's computer.
Microsoft said it was disappointed by Google's disclosure before the release of a fix. "Google's decision to disclose these vulnerabilities before patches are broadly available and tested is disappointing, and puts customers at increased risk," Myerson said.
Google, on the other hand, maintained that disclosing known and "actively exploited" vulnerabilities is in the interest of people seeking to secure their systems, since defenders cannot mitigate a flaw they do not know is being used against them.