Russian hackers have exploited a Microsoft Windows bug so that they could spy on NATO and government computers. The same bug was used to access computers in Ukraine and Poland, as well. NATO doesn’t know what kind of data the hackers were after, or what they managed to access on NATO computers, but supposedly, the Russian hackers were looking for information about the current crisis in Ukraine.
Microsoft has already addressed the issue and said that NATO and other government agencies should keep calm, because an automatic update should fix the bug the Russian hackers had exploited. We don’t know how many Microsoft Windows operating systems are affected, but it seems that each of them will be receiving the update shortly. A NATO spokesperson has reiterated that they were looking into evidence of the hacking, with the help of their experts. Those NATO experts will be using data gathered from previously mitigated cyber campaigns against NATO. The same spokesperson said that NATO classified records were not compromised, because those are isolated from the internet, so there was no way the hackers could get to them.
The attack on NATO computers has been dubbed Sandworm, because researchers have found a reference to “Dune” in the software code of the bug the hackers used. Besides NATO, energy, telecommunications and defense firms have also been targeted, and reports say that delegates of the GlobSec conference also had their computers hacked. Supposedly, the hackers had been working on getting into NATO databases for five years, but hadn’t used the Microsoft Windows bug until August 2014.
Some reports are stating that the hackers who had targeted NATO and other agencies to gather information about the Ukrainian crisis were tied to the Russian government, received national support, and were acting as spies rather than being driven by monetary interests. Supposedly, malicious software had been smuggled into NATO servers via a document sent over a year ago. The same document was sent to regional governments in Ukraine and the US as well.
The malware these hackers had implemented in NATO servers was supposedly around for a long time, undetected, because it had been repackaged from an older bug. Supposedly, the bug comes from the Black Energy bot, which used to be a denial-of-service bot. The Russian hackers might have repurposed that bot to create Sandworm and gather information from NATO computers. Russian cyber-attacks have been coming to light more often in the past few months, against the backdrop of the Ukrainian crisis. Many are saying that the cyber-attacks stemming from Russia are becoming a major concern all around the world.