SandWorm hacking team exploited 0-day against NATO and other Government entities

  • 14 October 2014

by Pierluigi Paganini on October 14th, 2014
iSIGHT Partners firm uncovered a Russian hacking team dubbed Sandworm that was running a cyber espionage campaign on NATO and other Government entities.

According to a new report issued by the cyber security firm iSIGHT Partners, a group of Russian hackers has been exploiting a previously unknown flaw in Microsoft’s Windows operating system to spy on NATO, the Ukrainian government, a U.S. university researcher and many other entities. The researchers at iSIGHT dubbed the hacking group SandWorm because of references discovered in its code to the science-fiction novel “Dune.”
The experts at iSIGHT Partners have worked in close collaboration with Microsoft during the investigation; the company announced the discovery of a zero-day vulnerability affecting all supported versions of Microsoft Windows and Windows Server 2008 and 2012. The vulnerability has been classified with the code CVE-2014-4114, and according to the revelation made by iSIGHT it has been exploited in a large-scale cyber espionage operation by a Russian hacking team; the nature of the targets and the tactics, techniques, and procedures (TTPs) adopted lead the experts to believe that this is the work of state-sponsored hackers.
 
Full Article

3 replies

Posted on 14 October 2014.
 
EXCERPT.
 
The big headline this month seems to be SandWorm, another vulnerability being marketed with a clever name. SandWorm, a.k.a. CVE-2014-4114 is addressed by MS14-060. Why is it called SandWorm? Apparently the exploit code was written by a fan of Frank Herbert’s classic science fiction epic, Dune. The code and command and control URLs contain references to the books. That’s it. Note, SandWorm is not a "worm" in the sense of computer virus that can self-propagate.
 
Full Article
by Sabari Selvan on Tuesday, October 14, 2014
 
Russian hackers, dubbed the "Sandworm team", have been found exploiting a previously unknown vulnerability in Microsoft's Windows operating systems, reports.
 
The group has used this zero-day exploit to hack computers used by NATO, the Ukrainian government, European telecommunications firms, energy sector companies and a US academic organization. The attack starts with a spear-phishing email containing a malicious PowerPoint document that exploits the vulnerability and infects the victim's machine with malware.
 
Source: eHackingNews, http://www.ehackingnews.com/2014/10/russian-hackers-use-windows-0-day.html
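The PowerPoint lure described in the post above delivers CVE-2014-4114 through an OLE object in the document, and the patched component (MS14-060) is the Windows OLE Package Manager. The following Python triage script is an added example, not code from any of the quoted articles: it unpacks an OOXML .pptx, lists embedded OLE objects and relationship targets that point at a remote host, and assigns a coarse risk level; the sample document it builds and the host 203.0.113.5 are constructed placeholders.

```python
import io
import zipfile
from urllib.parse import urlparse
from xml.etree import ElementTree as ET

REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"

def is_remote(target: str) -> bool:
    """True when a relationship target names another host (UNC path or file:// URL with a host)."""
    u = urlparse(target)
    if u.scheme == "file":
        return bool(u.netloc.strip("\\/"))
    return target.startswith("\\\\") or target.startswith("//")

def scan_pptx(data: bytes) -> dict:
    """Triage an OOXML presentation: list embedded OLE objects and externally
    linked relationship targets, then assign a coarse risk level."""
    report = {"embedded_ole": [], "external_targets": [], "risk": "none"}
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        for name in z.namelist():
            if name.startswith("ppt/embeddings/"):
                report["embedded_ole"].append(name)
            elif name.endswith(".rels"):
                root = ET.fromstring(z.read(name))
                for rel in root.iter("{%s}Relationship" % REL_NS):
                    if rel.get("TargetMode") == "External":
                        report["external_targets"].append((name, rel.get("Target", "")))
    if any(is_remote(t) for _, t in report["external_targets"]):
        report["risk"] = "high"    # object fetched from a remote share when the slide renders
    elif report["embedded_ole"]:
        report["risk"] = "review"  # embedded OLE object: detonate in a sandbox before opening
    return report

def build_sample_pptx(external: bool = True) -> bytes:
    """Constructed minimal .pptx for testing; 203.0.113.5 is a placeholder host."""
    target = r"file://\\203.0.113.5\share\slide1.inf" if external else "../embeddings/oleObject1.bin"
    mode = ' TargetMode="External"' if external else ""
    rels = ('<Relationships xmlns="%s"><Relationship Id="rId2" Type="http://schemas.'
            'openxmlformats.org/officeDocument/2006/relationships/oleObject" '
            'Target="%s"%s/></Relationships>' % (REL_NS, target, mode))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("ppt/slides/slide1.xml", "<sld/>")
        z.writestr("ppt/slides/_rels/slide1.xml.rels", rels)
        z.writestr("ppt/embeddings/oleObject1.bin", b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1")
    return buf.getvalue()

if __name__ == "__main__":
    print(scan_pptx(build_sample_pptx()))
```

Point `scan_pptx` at the bytes of a quarantined attachment; a "high" result means a slide relationship reaches out to another host, which is exactly the behaviour a patched OLE Package Manager and a blocked outbound SMB port are meant to neutralise.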
The following article is an update

(Sandworm Team Targeted SCADA Systems: Trend Micro)

By Brian Prince on October 20, 2014
 
Researchers at Trend Micro say the Sandworm team may have their eyes set on compromising SCADA-based systems.
SCADA (supervisory control and data acquisition) systems are used to control industrial processes. Last week, the Sandworm team was identified by researchers at iSight Partners as being at the center of attacks using CVE-2014-4114, a zero-day vulnerability in Microsoft Windows, as part of an attack campaign.

"After beginning an investigation into the affiliated malware samples and domains, we quickly came to realization that this group is very likely targeting SCADA-centric victims who are using GE Intelligent Platform’s CIMPLICITY HMI solution suite," Trend Micro researchers Kyle Wilhoit and Jim Gogolinski explained in a blog post. "We have observed this team utilizing .cim and .bcl files as attack vectors, both of which file types are used by the CIMPLICITY software. As further proof of the malware targeting CIMPLICITY, it drops files into the CIMPLICITY installation directory using the %CIMPATH% environment variable on the victim machines."
 
According to Trend Micro, the attackers were observed using emails armed with a malicious attachment that is opened by the CIMPLICITY application and attempts to exploit CVE-2014-4114 in Microsoft Windows. If the attack against the system running CIMPLICITY is successful, it attempts to download the Black Energy malware on the system. The spear-phishing emails are spoofed to appear to come from Oleh Tiahnybok, a Ukrainian politician who has been critical of Russia.
 
 
Full Article
