Microsoft says Russia-linked hackers exploiting flaw in Windows
Patch available on November 8
PUBLISHED : Wednesday, 02 November, 2016, 6:24am
UPDATED : Wednesday, 02 November, 2016, 6:24am
Related topics
Microsoft said on Tuesday that a hacking group previously linked to the Russian government and US political hacks was behind recent cyber attacks that exploited a newly discovered Windows security flaw.
The software maker said in an advisory on its website there had been a small number of attacks using “spear phishing” emails from a hacking group known Strontium, which is more widely known as “Fancy Bear,” or APT 28. Microsoft did not identify any victims.
Microsoft’s disclosure of the new attacks and the link to Russia came after Washington accused Moscow of launching an unprecedented hacking campaign aimed at disrupting and discrediting the upcoming US election.
The US government last month formally blamed the Russian government for the election-season hacks of Democratic Party emails and their subsequent disclosure via WikiLeaks and other entities. Russia has denied those accusations.
Microsoft said a patch to protect Windows users against the newly discovered threat will be released on November 8, which is Election Day. It was not clear whether the Windows vulnerability had been used in any of the recent US political hacks.
Representatives of the FBI and the Department of Homeland Security could not immediately be reached for comment.
A US intelligence expert on Russian cyber activity said that Fancy Bear primarily works for or on behalf of the GRU, Russia’s military intelligence agency, which US intelligence officials have concluded were responsible for hacks of Democratic Party databases and emails.
In spear phishing, an attacker sends targeted messages, typically via email, that exploit known information to trick victims into clicking on malicious links or open tainted attachments.
Microsoft said the attacks exploited a vulnerability in Adobe Systems Inc’s Flash software and one in the Windows operating system.
Adobe released a patch for that vulnerability on Monday, when security researchers with Google went public with details on the attack.
Microsoft chided rival Google for going public with details of the vulnerabilities before it had time to prepare and test a patch to fix them.
“Google’s decision to disclose these vulnerabilities before patches are broadly available and tested is disappointing, and puts customers at increased risk,” Microsoft said.
A Google representative declined to comment on Microsoft’s statement.
Google disclosed the flaw on Monday, following its standing policy of going public seven days after discovering “critical vulnerabilities” that are being actively exploited by hackers.
Google gives software companies 60 days to patch less serious bugs.
Most Popular
Viewed
- 1
![In the second report in a series, He Huifeng and Celia Chen look at how Beijing's ambitious industrial plan aims to break China’s reliance on foreign technology and pull its hi-tech industries up to Western levels]( "In the second report in a series, He Huifeng and Celia Chen look at how Beijing's ambitious industrial plan aims to break China’s reliance on foreign technology and pull its hi-tech industries up to Western levels")
- 2
![Alibaba Group Holding executive chairman Jack Ma Yun had promised to create 1 million jobs in the US during a meeting with US President Donald Trump in January last year. Photo: Reuters]( "Alibaba Group Holding executive chairman Jack Ma Yun had promised to create 1 million jobs in the US during a meeting with US President Donald Trump in January last year. Photo: Reuters")
- 3
![A screenshot from independently produced documentary Bitcoin Girl, available on streaming video service iQiyi, shows the titular cryptocurrency user, who is known by her online name He Youbing. Photo: iQiyi]( "A screenshot from independently produced documentary Bitcoin Girl, available on streaming video service iQiyi, shows the titular cryptocurrency user, who is known by her online name He Youbing. Photo: iQiyi")
- 4
![The Luohu district of Shenzhen, third in a new list of Asian tech hotspots compiled by Colliers. Photo: SCMP]( "The Luohu district of Shenzhen, third in a new list of Asian tech hotspots compiled by Colliers. Photo: SCMP")
- 5
![Meituan’s shares will begin trading on Thursday in Hong Kong after the company raised HK$33.14 billion. Photo: Bloomberg]( "Meituan’s shares will begin trading on Thursday in Hong Kong after the company raised HK$33.14 billion. Photo: Bloomberg")
Shared
- 1
![In the second report in a series, He Huifeng and Celia Chen look at how Beijing's ambitious industrial plan aims to break China’s reliance on foreign technology and pull its hi-tech industries up to Western levels]( "In the second report in a series, He Huifeng and Celia Chen look at how Beijing's ambitious industrial plan aims to break China’s reliance on foreign technology and pull its hi-tech industries up to Western levels")
- 2
![Alibaba Group Holding executive chairman Jack Ma Yun had promised to create 1 million jobs in the US during a meeting with US President Donald Trump in January last year. Photo: Reuters]( "Alibaba Group Holding executive chairman Jack Ma Yun had promised to create 1 million jobs in the US during a meeting with US President Donald Trump in January last year. Photo: Reuters")
- 3
![A screenshot from independently produced documentary Bitcoin Girl, available on streaming video service iQiyi, shows the titular cryptocurrency user, who is known by her online name He Youbing. Photo: iQiyi]( "A screenshot from independently produced documentary Bitcoin Girl, available on streaming video service iQiyi, shows the titular cryptocurrency user, who is known by her online name He Youbing. Photo: iQiyi")
- 4
![Meituan’s shares will begin trading on Thursday in Hong Kong after the company raised HK$33.14 billion. Photo: Bloomberg]( "Meituan’s shares will begin trading on Thursday in Hong Kong after the company raised HK$33.14 billion. Photo: Bloomberg")
- 5
![The Luohu district of Shenzhen, third in a new list of Asian tech hotspots compiled by Colliers. Photo: SCMP]( "The Luohu district of Shenzhen, third in a new list of Asian tech hotspots compiled by Colliers. Photo: SCMP")
Commented
- 1
![Home prices are headed in the right direct, at least for younger buyers. But that’s bad news for sellers, some of whom are having to shave million off their asking prices. Photo: SCMP]( "Home prices are headed in the right direct, at least for younger buyers. But that’s bad news for sellers, some of whom are having to shave million off their asking prices. Photo: SCMP")
- 2
![Nan Fung Development’s LP6 project in Tseung Kwan O. Photo: Roy Issa]( "Nan Fung Development’s LP6 project in Tseung Kwan O. Photo: Roy Issa")
- 3
![Thousands of potential buyers line up at the sales launch of Nan Fung Development’s LP6 development in Tseung Kwan O on 15 September 2018, during the calm before Super Typhoon Mangkhut made landfall in Hong Kong. Photo: SCMP/ Edward Wong]( "Thousands of potential buyers line up at the sales launch of Nan Fung Development’s LP6 development in Tseung Kwan O on 15 September 2018, during the calm before Super Typhoon Mangkhut made landfall in Hong Kong. Photo: SCMP/ Edward Wong")
- 4
![Soggy, but not discouraged, Hong Kong homebuyers overcome typhoon aftermath to snap up flats on Monday]()
- 5
![Hong Kong’s grade A office vacancy rate has steadily trended lower over the last 20 years. Photo: Daniel Cheung Sung-lok]( "Hong Kong’s grade A office vacancy rate has steadily trended lower over the last 20 years. Photo: Daniel Cheung Sung-lok")
You may also like
How you can protect your smart devices from cyberattack
In partnership with: HKT PREMIER
Jaeger-LeCoultre puts on the ritz at Venice International Film Festival
Brought to you by: Jaeger-LeCoultre
Comments: