


Russia-Linked Cyberspies Are Exploiting the Windows Zero-Day Bugs

Earlier this week, Google's Threat Analysis Group revealed a Windows zero-day vulnerability that is being actively exploited in the wild. Following Google's going public with the information after giving Microsoft only 10 days to send a patch, the Redmond software giant wasn't happy with how Google handled the vulnerability data. Today, Microsoft has acknowledged that the exploit is being used by a sophisticated threat group, the same group that was responsible for the hacks of the Democratic National Committee.

Terry Myerson, executive vice president of Microsoft's Windows and Devices group, said that a hacking group previously linked to the Russian government and the political hacks on the US is behind recent cyber attacks that are exploiting the newly discovered Windows vulnerability.

Recently, the activity group that Microsoft Threat Intelligence calls STRONTIUM conducted a low-volume spear-phishing campaign. Customers using Microsoft Edge on Windows 10 Anniversary Update are known to be protected from versions of this attack observed in the wild. This attack campaign, originally identified by Google's Threat Analysis Group, used two zero-day vulnerabilities in Adobe Flash and the down-level Windows kernel to target a specific set of customers.

Windows zero-day patch will arrive on November 8

Strontium is most widely known as "Fancy Bear" or APT 28. Fancy Bear has been linked to several high-profile cyber attacks, including those on government organizations in Germany and Turkey, the US Democratic Party, and the investigators of the flight MH17 crash.

Microsoft's advisory comes after Washington accused the Kremlin of launching a hacking campaign to influence and discredit the 2022 US Presidential election. Yesterday, we also saw the UK and the MI5 talking about an "increasingly aggressive" Russia in the cyber space. Russia, nonetheless, has denied all these accusations.

It's not clear if the Windows zero-days were used as part of the US election hacks, which were also accomplished through spear-phishing attacks.

Myerson noted that those using Windows 10 Anniversary Update with Windows Defender Advanced Threat Detection are protected against this exploit. The software detects "STRONTIUM's attempted attacks thanks to ATP's generic behavior detection analytics and up-to-date threat intelligence."

The patch for the exploit is underway and will be released on the next Patch Tuesday, which falls on November 8. The exploit is used along with a similar Adobe Flash vulnerability, which has been patched. Some have suggested that patching Flash would in turn protect users from the Windows vulnerabilities too. However, Microsoft didn't confirm if this workaround will fix the problem.

Microsoft is definitely annoyed by Google's going public with the malware data, and Myerson didn't miss the chance to comment on that too. "Google's decision to disclose these vulnerabilities before patches are broadly available and tested is disappointing, and puts customers at increased risk," he wrote.

Source: https://wccftech.com/russian-spies-exploit-windows-zero-day/

Posted by: clementwrapprand.blogspot.com
