TIME Security

Microsoft Says Russian Hackers Are Targeting Windows

Inside The Microsoft Corp. Windows 10 Devices Event
Bloomberg—Bloomberg via Getty Images The silhouette of Panos Panay, corporate vice president of Microsoft Corp. Surface, is seen as he unveils the new Microsoft Surface Book laptop during the Windows 10 Devices event in New York, U.S., on Tuesday, Oct. 6, 2015.

The company isn't releasing a patch until Nov. 8

Microsoft said that a hacker group linked to Russia as well as recent breaches of U.S. political parties and campaigns is using a previously unknown flaw in Windows software to conduct computer network intrusions.

Google security engineers revealed the existence of the computer bug in a blog post on Monday after warning Microsoft of the finding, but before the company had issued a patch. Google said it had a responsibility “to protect users,” since the vulnerability was actively being used to compromise people’s systems.

Microsoft posted more details about the attacks the next day and said that it would release a patch on Nov. 8, its next software update day and election day in the U.S. Microsoft noted that the attackers using the flaw had been sending spear-phishing emails, or targeted messages intended to deceive recipients into disclosing personal information or into installing malware on their machines.

Microsoft’s threat intelligence team called the attacker group “Strontium,” but many people know the group by other names, including “APT28,” “Sofacy,” or “Fancy Bear. Cybersecurity experts have previously linked this group to the Russian government and, more specifically, to its foreign intelligence agency the GRU.

The cybersecurity firm CrowdStrike made waves earlier this year when it attributed an attack on the Democratic National Committee to the same group—an attribution that has since been backed publicly by the U.S. intelligence community.

“This attack campaign, originally identified by Google’s Threat Analysis Group, used two zero-day vulnerabilities in Adobe Flash and the down-level Windows kernel to target a specific set of customers,” wrote Terry Myerson, executive vice president of Windows and devices at Microsoft, analyzing the attacks. He added that group tended to leapfrog from one compromised email account to the next, ensnaring victims by sending booby-trapped messages to their contacts.

Myerson added that Microsoft “has attributed more 0-day exploits to STRONTIUM than any other tracked group in 2016.”

Here’s how the Russia-linked hacker group worked. First, the team would gain a foothold in victims’ machines by commandeering their web browsers. It would do this by exploiting an unknown flaw (also known as a zero-day vulnerability) in Adobe Flash software—a bug that Adobe patched in an update on Oct. 26.

Next the group would break out of the victim’s browser, escalating privileges (in the industry parlance), through the Windows vulnerability. Microsoft noted that users of its Windows 10 Anniversary Update “are known to be protected from versions of this attack observed in the wild.”

Finally, the hacker group would install a backdoor, or security-bypassing control program, to take over the target’s machine.

Microsoft said it was disappointed by Google’s disclosure before the release of a fix. “Google’s decision to disclose these vulnerabilities before patches are broadly available and tested is disappointing, and puts customers at increased risk,” Myserson said.

Google, on the other hand, maintained that disclosing known and “actively exploited” vulnerabilities is in the interest of people seeking to secure their systems.

This article originally appeared on Fortune.com

Tap to read full story

Your browser is out of date. Please update your browser at http://update.microsoft.com


Dear TIME Reader,

As a regular visitor to TIME.com, we are sure you enjoy all the great journalism created by our editors and reporters. Great journalism has great value, and it costs money to make it. One of the main ways we cover our costs is through advertising.

The use of software that blocks ads limits our ability to provide you with the journalism you enjoy. Consider turning your Ad Blocker off so that we can continue to provide the world class journalism you have become accustomed to.

The TIME Team