This summer, hackers exploited a flaw in the Microsoft Windows operating system to spy on Ukrainian officials and American academics.
This is the conclusion of an investigation by an American cybersecurity company, reports the Wall Street Journal (WSJ). According to the publication, the flaw used against Ukrainian officials may allow an attacker to take control of a computer running Windows Vista, 7 or 8, and the hackers got in using malicious PowerPoint documents, announced researchers at iSight Partners Inc., who made the discovery in early September.
Researchers from iSight detected the Windows vulnerability while fighting intensified in eastern Ukraine between rebels and pro-Russian Ukrainian forces. They announced that Ukrainian government employees and a Russian-born American specialist, whose identity they declined to reveal, were attacked over the summer through emails that appeared to contain secret information about Russian sympathizers in the Ukrainian security services. Once users opened the PowerPoint file, the hackers gained access to their computers, the researchers said. Despite the attention given to reports of state-sponsored attacks from China, Iran and Russia, it is difficult to determine the origin or purpose of the cyber attack, according to the WSJ, which adds that the suspicions are based on an assessment of motives and fragments of digital evidence.
According to the publication, iSight announced that it has found a number of clues suggesting that the hackers work for the Russian government. At least one of the hackers is fluent in Russian, judging by unprotected documents stored on a server used by the attackers. Another clue, according to the company, is the time and significant amounts of money needed to find flaws in complex software like Windows, which suggests that the hackers could be drawing on the resources of a government standing behind them. Governments may use intelligence agencies to locate such flaws or to acquire them from elite hackers.
The company also announced that it has been observing this hacker group online since the end of 2013. The group was detected while routinely seeking information from targets of special interest to Russian national interests. The target list includes NATO, Polish companies in the energy sector and at least one other Western government, according to iSight. Representatives of the Russian and Ukrainian embassies in Washington had not responded to requests for comment from the WSJ.
According to iSight, the hackers' computer code contains many obscure references to the famous science fiction series Dune, which is why the company named the group “Sandworm”.