A group of Russian hackers has exploited a flaw in Microsoft's Windows operating system to spy on national security targets, including NATO and the Ukrainian government, according to a report by a cybersecurity firm.
The Washington Post reports that research by the cybersecurity firm iSight Partners shows that the hacking ring, dubbed SandWorm, has been active since at least 2009 and is probably working for the Moscow government. ISight began monitoring the group's activity last year and discovered the vulnerability this past August.
The firm's report said that the Kiev government was targeted around the time of the recent NATO summit in Wales, where Russia's actions supporting separatist rebels in eastern Ukraine were discussed.
The Post reports that the hackers use a technique called "spearphishing," in which emails are sent to targeted computers with attachments that enable hackers to gain access to their computers. ISight Senior Director Stephen Ward told the paper that the vulnerability exploited by the hackers appears in every version of Windows from Vista to 8.1, with the exception of Windows XP. A Microsoft spokesman told Reuters that the company planned to roll out an automatic software update to fix affected versions of Windows Tuesday.
ISight technical analyst Drew Robinson told The Post that the firm pegged the hackers as Russian because of their targets and because the group's command server, based in Germany, was not properly secured, and exposed Russian-language computer files uploaded by the hackers. Robinson said that the group had succeeded in compromising some of their targets, including Ukrainian government servers, but it was not clear how successful they in accessing classified information.