Russian hackers use zero-days to try to get sanctions data
[WASHINGTON] Hackers linked to the Russian government used previously unknown flaws in Microsoft Corp's Windows and Adobe Systems Inc's Flash to try to infiltrate discussions on sanctions policy, a person familiar with the attack said.
The spying scheme was detected on April 13 by US cybersecurity firm FireEye Inc and targeted an agency of an overseas government that was in discussions with the US about sanctions policy. The attack was halted before the group extracted any data, the company said in a blog post on Saturday.
The hacking group, which FireEye calls Advanced Persistent Threat 28, or APT28, is known for advanced cyber-attacks and its use of malware known as Sofacy. In this case, it took the unusual step of using two so-called zero-day exploits to try to infiltrate the computer systems of its victim in a highly sophisticated attack, FireEye said.
"While there is not yet a patch available for the Windows vulnerability, updating Adobe Flash to the latest version will render this in-the-wild exploit innocuous," FireEye said in a blog post.
Adobe has created a fix for the vulnerability while Microsoft is working on a patch, FireEye said. The flaw does not apply to Windows 8 and later versions.
Cynthia Fetty of Edelman, a spokeswoman for Adobe, didn't immediately respond to a voicemail message left on her mobile phone. Microsoft's spokesman Chris Williams, of Waggener Edstrom, did not immediately respond to an e-mail seeking comment.
FireEye researchers detected the attack because the intended victim was a company customer, according to the person who asked for anonymity because the information isn't public.
FireEye identified APT28 in a report last October, saying then that it was most likely sponsored by Russia's government.
Russian President Vladimir Putin's spokesman, Dmitry Peskov, dismissed the report's findings at the time. Mr Peskov didn't answer after-hours calls Saturday to two phone numbers.
Zero-day vulnerabilities are highly sought after by hackers because they are flaws the vendor has not yet discovered or patched, so targets have no immediate defense against exploits that use them.
APT28's targets have included the North Atlantic Treaty Organization's special operations headquarters, the governments of Poland and Hungary, and the ministries of defense and internal affairs in Georgia, which fought a war with Russia in 2008, FireEye's October report said.
A spokesman for the US State Department declined to comment on the attack, which FireEye reported on Saturday. He referred instead to a March 9 briefing by Jen Psaki, now White House communications director. At that briefing Ms Psaki said that the department dealt with thousands of cyber-attacks every day.