Russian hackers using Windows flaw that Google exposed

by Todd Haselton | November 2, 2016

Russian hackers who operate under the “Fancy Bear” moniker have been exploiting a security flaw in Windows, Microsoft said this week. It appears to be related to the same flaw that Google exposed on Monday.

“Fancy Bear” may not ring any bells, but it should. The group, which Microsoft refers to as “STRONTIUM,” is reportedly tied to Russia’s Main Intelligence Agency (GRU) and may be behind some of the attacks on the US election. Russia has allegedly been behind some of those strikes, in which hackers have employed a “spear phishing” technique to gather login information from party officials.

When a hacker spear phishes, he or she sends an email that looks like it’s coming from a legitimate source, often asking an end-user for log-in details.

“Recently, the activity group that Microsoft Threat Intelligence calls STRONTIUM conducted a low-volume spear-phishing campaign,” Microsoft executive vice president of Windows and devices Terry Myerson explained. “Customers using Microsoft Edge on Windows 10 Anniversary Update are known to be protected from versions of this attack observed in the wild. This attack campaign, originally identified by Google’s Threat Analysis Group, used two zero-day vulnerabilities in Adobe Flash and the down-level Windows kernel to target a specific set of customers.”

Windows exploit used by Russian hackers

Hillary Clinton’s campaign chairman John Podesta fell victim to this type of attack, entering his Gmail account username and password in response to an email that never actually came from Google. The attack on this particular Windows flaw also uses vulnerabilities in Adobe Flash.

Specifically, Myerson said hackers will “exploit Flash to gain control of the browser process” before changing the privileges of the user’s system and eventually installing a backdoor for permanent access.

Google exposed this flaw earlier in the week, which means hackers can still take advantage of the exploit until Microsoft issues a patch. Myerson thanked Google’s Threat Analysis Group for helping it learn more about the flaw and said an update is due on November 8 that fixes it.

Microsoft Reuters

Todd Haselton

Todd Haselton has been writing professionally since 2006 during his undergraduate days at Lehigh University. He started out as an intern with...

