Mashable, By Lorenzo Franceschi-Bicchierai

A group of Russian hackers used a previously undisclosed Microsoft bug to spy on the Ukrainian government and NATO officials, security researchers said.

The hackers used spear-phishing emails with malicious attachments, such as PowerPoint files, to target various victims across Europe and at least one in the United States, according to a report by iSight Partners published on Tuesday.

The group is apparently comprised of fans of the sci-fi novel Dune; their malware made various references to Frank Herbert's classic, earning them the nickname "Sandworm Team."

Researchers at iSight believe that the signs point to Russian hackers, based on a variety of information including their targets, the information they sought and several clues left in the cyberespionage campaign's infrastructure. (iSight did not specify what those clues were.)

"No matter how good you are, the targets almost always give away who you are," John Hultquist, the senior manager at iSight, told Mashable.

But the researchers are careful to note that not enough evidence exists to say the group is definitively backed by the Russian government. The hackers were not seeking information from the black market, though, which would normally indicate cybercriminals looking to earn a profit.

According to many cybersecurity experts, attribution is the hardest part of the job; not everyone is convinced the group has Russian origins.

"Proving this connection is extremely difficult," Alex Gostev, a security researcher at the Russian firm Kaspersky Lab, told Mashable.

Russian Hackers Used Microsoft Bug to Spy on Ukraine and NATO - Mashable
