Microsoft Windows Flaw Let Russian Hackers Spy On NATO, Report Says

Microsoft says it's patching a Windows security flaw cited in a report on alleged spying by Russian hackers.
Ted S. Warren / AP

A group of hackers, allegedly from Russia, found a fundamental flaw in Microsoft Windows and exploited it to spy on Western governments, NATO, European energy companies and an academic organization in the United States.

That's according to new research from iSight Partners, a Dallas-based cybersecurity firm.

Last month, the U.S. and the U.K. were preparing to meet at a NATO summit to talk about Ukraine. Emails were flying back and forth. Different experts were offering to talk at the conference. And in the midst of all the digital traffic, hackers jumped into the conversation.

Patrick McBride, a spokesman with iSight, says the hackers targeted specific officials using a well-known kind of attack called spear-phishing. Hackers would craft a message with a PowerPoint document attached. For example, they'd say, "We'd like to be involved in the conference."

And when an unknowing recipient opened the corrupted PowerPoint, the file was exploited to load a piece of malware onto the computer that the attacker could then use later to "exfiltrate documents," McBride says.

The hacker group, dubbed the "Sandworm Team," allegedly pulled emails and documents off computers from NATO, Ukrainian government groups, Western European government officials, and energy sector and telecommunications firms.

In the mad dash to grab information, McBride says, the hackers got a little sloppy and dropped hints about their identity. He says they're Russian, "but we can't pinpoint if they work for the Russian government or work in a particular department in the government."

The Russian embassy did not immediately respond to NPR's inquiry. Microsoft says that Tuesday, it's patching the security flaw so that PowerPoint and other Office products can't be exploited again in the same way.

Lonnie Benavides, a researcher with the cybersecurity services firm DocuSign, says if the findings are true, they represent an interesting turn of events. "Typically Russians stick to making money, stick to stealing credit cards and identities as far as trends go," he says.

Federal authorities are investigating the role of Russian hackers in the major breach against JPMorgan Chase.

Benavides says Russia provides an enabling environment for cyber offenses — whether it's crime like stealing credit cards, or espionage to steal state secrets — because the country has some very talented hackers who do not get prosecuted.

"I'm certainly not seeing waves of people that are being put in jail, in order to send a message, in order for this to stop," he says.

Even though the iSight report points to code that was in the Russian language, Benavides would not jump to the conclusion that the hacker group is state-sponsored or even from Russia. "There's an attribution problem," he says.

Copyright 2021 NPR. To see more, visit https://www.npr.org.

Aarti Shahani is a correspondent for NPR. Based in Silicon Valley, she covers the biggest companies on earth. She is also an author. Her first book, Here We Are: American Dreams, American Nightmares (out Oct. 1, 2019), is about the extreme ups and downs her family encountered as immigrants in the U.S. Before journalism, Shahani was a community organizer in her native New York City, helping prisoners and families facing deportation. Even if it looks like she keeps changing careers, she's always doing the same thing: telling stories that matter.
