'Sand Worm' is the name given to a newly discovered Russian cyber espionage campaign that has been underway for nearly five years. By exploiting a flaw in Windows, hackers managed to gain access to data on the PCs of top people at NATO, the European Union, Ukraine, telecom, energy and defense companies and universities.
Researchers at the American cybersecurity company iSight tied together the loose ends of various cyber attacks and arrived at a picture of a large-scale espionage campaign that, according to them, has been waged from Russia since 2009. The researchers chose the name Sand Worm because the hackers' code contained references to the science fiction book series "Dune" by Frank Herbert, which features monstrous sandworms. The references helped the researchers connect the various attacks.
The cyber criminals' starting point was a flaw in all versions of Microsoft's Windows operating system since Vista and in Windows Server 2008 and 2012. Through this hole the cyber criminals could freely run code on the PC. Users were often infected via an infected PowerPoint file. To disguise the flaw, the cyber criminals also used five other, already patched security problems. If the abuse was then discovered, it looked as if the PC was 'only' being used in a botnet (a network of hacked computers) to send spam.
iSight worked closely with Microsoft to close the gap. The software fix will be pushed to all Windows users via Windows Update today.
Very targeted
The researchers conclude that the attacks are of Russian origin from the language of the files used on the "command-and-control" servers, the computers that control the entire operation. In addition, the files used to exploit the flaw always had a link with Russian news (e.g. "View a list of pro-Russian terrorists").
It seems that the attackers did not spread their attacks widely but went about their work very purposefully over the last few years. iSight mentions compromised users at NATO, the EU, the Ukrainian government, energy companies (mostly in Poland), European telecom companies and at least one scientist in the USA. An attack was also carried out at the annual security conference GlobSec, which traditionally attracts many world leaders, via an infected email that appeared to come from the organizers.
Diplomatic Information
The link with the Russian government cannot be proven, but the information the attacks target does point in that direction. Sand Worm mainly tries to obtain documents and e-mails that contain information on services or diplomatic sources. According to iSight, the focus was on data that had to do with Ukraine and Russia. The cyber spies also tried to steal security keys and certificates in order to continue their campaign and break into other systems.
"Some would think that the typical criminals," John Hultquist, who heads iSight's cyber espionage research team, told Wired. "But they are not in sight. They want to know that only a few people can use. This is information related to security, diplomatic, information and intelligence on NATO, Ukraine and Poland."