Russian hackers seem to have discovered a bug in Microsoft Windows and have used that bug to spy on the Ukrainian government and another scholar who happened to live in the United States. iSight Partners, a cyber-security intelligence company who works with governments, was the one who made the discovery. On Tuesday, the company reported that it came upon a surprising attack, which had been going on for months.
The hackers were able to use a bug present in every modern version of Microsoft Windows operating systems (Vista, Windows 7, Windows 8 and 8.1). This means that most of the world’s population’s personal computers were vulnerable to this specific attack. As soon as Microsoft heard about the attack, it released a patch, in order to correct their error. The Russian government, on the other hand, did not comment upon the subject. The Ukrainian government said it could not provide a statement at that time about this delicate matter.
iSight is an intelligence company based in Dallas. It first discovered the hackers using this attack in August. They were sending phishing emails directly to Ukrainian government officials. Attached to this email was a malware Power Point document which was supposed to represent a list of pro-Russian terrorist separatists. Once opened, the malware would quietly steal information from emails and official documents, and send them to the hackers. Since the attack was very well implemented and complex, specialists at iSight believed it must have involved the Russian government directly. Stephen Ward, an executive at iSight Partners declared: ” The types of targets they were after relate to military, foreign policy and critical elements of the Russian GDP”. The hackers attacked a university researcher as well, who was specialized in Russian culture. The investigators from iSight managed to trace back the attack. The hackers had made a slight mistake: one of the computer servers which was sending messages to hacked computers was left visible on the Internet. They came upon a document written in Russian, which provided information on how to use the malware. The specialists at iSight believe these hackers are responsible for other attacks as well, against the European Government Agency, the French Telecom Company and an energy firm based in Poland.