Microsoft: Russian Hackers
Exploiting Windows Flaw
The
same group is suspected of the attacks on U.S. political groups.
11/01/2016 10:15 pm ET
Robert
Galbraith / Reuters
Microsoft Corp said on Tuesday that a hacking group
previously linked to the Russian government and U.S. political hacks was behind
recent cyber attacks that exploited a newly discovered Windows security flaw.
The software maker said in an advisory on its website there
had been a small number of attacks using “spear phishing” emails from a hacking
group known Strontium, which is more widely known as “Fancy Bear,” or APT 28.
Microsoft did not identify any victims.
Microsoft’s disclosure of the new attacks and the link to
Russia came after Washington accused Moscow of launching an unprecedented
hacking campaign aimed at disrupting and discrediting the upcoming U.S.
election.
The U.S. government last month formally blamed the Russian
government for the election-season hacks of Democratic Party emails and their
subsequent disclosure via WikiLeaks and other entities. Russia has denied those
accusations.
Microsoft said a patch to protect Windows users against the
newly discovered threat will be released on Nov. 8, which is Election Day. It
was not clear whether the Windows vulnerability had been used in any of the
recent U.S. political hacks.
Representatives of the FBI and the Department of Homeland
Security could not immediately be reached for comment.
A U.S. intelligence expert on Russian cyber activity said
that Fancy Bear primarily works for or on behalf of the GRU, Russia’s military
intelligence agency, which U.S. intelligence officials have concluded were
responsible for hacks of Democratic Party databases and emails.
In spear phishing, an attacker sends targeted messages,
typically via email, that exploit known information to trick victims into
clicking on malicious links or open tainted attachments.
Microsoft said the attacks exploited a vulnerability in
Adobe Systems Inc’s Flash software and one in the Windows operating system.
Adobe released a patch for that vulnerability on Monday,
when security researchers with Google went public with details on the attack.
Microsoft chided rival Google for going public with details
of the vulnerabilities before it had time to prepare and test a patch to fix
them.
“Google’s decision to disclose these vulnerabilities before
patches are broadly available and tested is disappointing, and puts customers
at increased risk,” Microsoft said.
A Google representative declined to comment on Microsoft’s
statement.
Google disclosed the flaw on Monday, following its standing
policy of going public seven days after discovering “critical vulnerabilities”
that are being actively exploited by hackers.
Google gives software companies 60 days to patch less
serious bugs.
(Reporting by Jim Finkle in Boston and Dustin Volz in
Washington. Additional reporting by John Walcott in Washington; Editing by
Jonathan Weber and Jonathan Oatis)
=================================================================================================Another Special Announcement - Tune in to my radio interview, on Rider University's station, www.1077thebronc.com I discuss my recent book, above on "Your Career Is Calling", hosted by Wanda Ellett.
www.amazon.com/author/paulbabicki
In addition to this blog, I maintain a radio show on BlogtalkRadio and an online newsletter via paper.li.I have established Netiquette discussion groups with Linkedin and Yahoo. I am also a member of the International Business Etiquette and Protocol Group and Minding Manners among others. I regularly consult for the Gerson Lehrman Group, a worldwide network of subject matter experts and I have been contributing to the blogs Everything Email and emailmonday . My work has appeared in numerous publications and I have presented to groups such as The Breakfast Club of NJ and PSG of Mercer County, NJ.
I am the president of Tabula Rosa Systems,
a “best of breed” reseller of products for communications, email,
network management software, security products and professional
services. Also, I am the president of Netiquette IQ. We are currently developing an email IQ rating system, Netiquette IQ, which promotes the fundamentals outlined in my book.
Over the past twenty-five years, I have enjoyed a dynamic and successful career and have attained an extensive background in IT and electronic communications by selling and marketing within the information technology marketplace.Anyone who would like to review the book and have it posted on my blog or website, please contact me paul@netiquetteiq.com.
=============================================================
No comments:
Post a Comment