Russian hackers who operate under the “Fancy Bear” moniker have been exploiting a security flaw in Windows, Microsoft said this week. It appears to be related to the same flaw that Google exposed on Monday.
“Fancy Bear” may not ring any bells, but it should. The group, which Microsoft refers to as “STRONTIUM,” is reportedly tied to Russia’s Main Intelligence Agency (GRU) and may be behind some of the attacks on the US election. Russia has allegedly been behind some of those strikes, in which hackers have employed a “spear phishing” technique to gather login information from party officials.
When a hacker spear phishes, he or she sends an email that looks like it’s coming from a legitimate source, often asking an end user for login details.
“Recently, the activity group that Microsoft Threat Intelligence calls STRONTIUM conducted a low-volume spear-phishing campaign,” Microsoft executive vice president of Windows and devices Terry Myerson explained. “Customers using Microsoft Edge on Windows 10 Anniversary Update are known to be protected from versions of this attack observed in the wild. This attack campaign, originally identified by Google’s Threat Analysis Group, used two zero-day vulnerabilities in Adobe Flash and the down-level Windows kernel to target a specific set of customers.”
Windows exploit used by Russian hackers
Hillary Clinton’s campaign chairman John Podesta fell victim to this type of attack, entering his Gmail username and password in response to an email that never actually came from Google. In this particular Windows flaw, vulnerabilities in Adobe Flash are also used.
Specifically, Myerson said hackers will “exploit Flash to gain control of the browser process” before escalating their privileges on the user’s system and eventually installing a backdoor for persistent access.
Google disclosed this flaw earlier in the week, which means hackers can still take advantage of it until Microsoft issues a patch. Myerson thanked Google’s Threat Analysis Group for helping Microsoft learn more about the flaw and said an update that fixes it is due on November 8.