[ISN] Suspected Russian “Sandworm” cyber spies targeted NATO, Ukraine

http://arstechnica.com/security/2014/10/suspected-russian-sandworm-cyber-spies-targeted-nato-ukraine/ By Robert Lemos Ars Technica Oct 13, 2014 A group of cyber spies targeted the North Atlantic Treaty Organization (NATO), Ukrainian and Polish government agencies, and a variety of sensitive European industries over the last year, in some cases using a previously unknown flaw in Windows systems to infiltrate targets, according to a research report released on Tuesday. Dubbed “Sandworm” by iSIGHT Partners, the security consultancy that discovered the zero-day attack, the campaign is suspected to be Russian in origin based on technical details, the malware tools used, and the chosen targets, which also included government agencies in Europe and academics in the United States. If confirmed, the attack is an uncommon look into Russia’s cyber-espionage capabilities. “We can confirm that NATO was hit; we know from several sources that multiple organizations in the Ukraine were targeted,” John Hultquist, senior manager of cyber-espionage threat intelligence for iSIGHT. “We have seen them using Ukrainian infrastructure as part of their attacks.” The Sandworm Team, named because its members include references from Frank Herbert’s Dune series in their code, also used a previously unknown software flaw, or 0day vulnerability, to compromise some targets. Using the security hole, the Sandworm group could execute their attacks on systems running up-to-date versions of Windows 7, Windows 8 and Windows RT. Microsoft plans to release a patch for the flaw during its regular updates on Tuesday. […]