



Russian hackers target NATO, Ukraine, and U.S. and European academic and government agencies using a zero-day Windows bug.





According to security firm iSight Partners, hackers are using a zero-day bug in Windows systems to spy on various targets. The zero-day bug exists in Windows Vista, 7, 8 and 8.1. It is also present in the 2008 and 2012 versions of Windows used by company servers. That is, nearly 68% of the world's computers are vulnerable to this type of attack.





Who Is Behind It?

A Russian hacker group is reportedly behind these attacks. The Sandworm hackers are using this bug and other bugs from 2009 to steal diplomatic and intelligence documents, as well as data that could be used to penetrate further systems. The team targeted dozens of computers used by NATO, the Ukrainian and EU governments, French telecom firms, Polish energy firms and a US academic body, iSight said.





iSight said, "We immediately notified targeted entities, our clients across multiple government and private sector domains and began working with Microsoft to track this campaign and develop a patch to the zero-day vulnerability."





Attack Scenario

The vulnerability exists in the OLE package manager in Microsoft Windows and Windows Server. It arises because Windows allows the OLE packager (packager.dll) to download and execute INF files. In the observed exploit, specifically when handling Microsoft PowerPoint files, the packager allows a Package OLE object to reference arbitrary external files, such as INF files, from untrusted sources.





An attacker can exploit this vulnerability to execute arbitrary code, but needs a specially crafted file and must use social engineering to convince a user to open it.
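For triage of received PowerPoint files, the following added example (not from iSight or the original article) flags embedded OLE objects that name an .inf file on a remote UNC path. It assumes the zip-based PowerPoint container with embedded objects stored under `ppt/embeddings/`; the function names and the sample file are constructed for illustration.

```python
import io
import re
import zipfile

# UNC path to an .inf file, e.g. \\host\share\file.inf
UNC_INF = re.compile(rb"\\\\[\w.-]+(?:\\[\w.$ -]+)+\.inf", re.IGNORECASE)


def find_external_inf_refs(doc_bytes):
    """Return (zip member, UNC path) pairs for embedded objects naming a remote .inf."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(doc_bytes)) as zf:
        for name in zf.namelist():
            # Assumption: embedded OLE objects live under ppt/embeddings/.
            if not name.lower().startswith("ppt/embeddings/"):
                continue
            data = zf.read(name)
            # The path may be stored as ASCII or UTF-16LE. Dropping NUL bytes
            # folds UTF-16LE ASCII text to ASCII whatever its byte alignment.
            # This is a heuristic, so expect occasional false positives.
            for blob in (data, data.replace(b"\x00", b"")):
                for m in UNC_INF.finditer(blob):
                    hit = (name, m.group().decode("ascii"))
                    if hit not in hits:
                        hits.append(hit)
    return hits


def build_sample(path_bytes):
    """Constructed input: a zip laid out like a presentation with one embedded object."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("ppt/presentation.xml", "<p/>")
        zf.writestr("ppt/embeddings/oleObject1.bin",
                    b"\x02\x00Package\x00" + path_bytes + b"\x00\x00")
    return buf.getvalue()


if __name__ == "__main__":
    unc = "\\\\host.example\\share\\slides.inf"  # constructed placeholder path
    for enc in ("ascii", "utf-16-le"):
        print(enc, find_external_inf_refs(build_sample(unc.encode(enc))))
    print("benign", find_external_inf_refs(build_sample(b"C:\\docs\\notes.txt")))
```

A hit is a reason to quarantine the file and inspect it in an isolated environment, not proof of exploitation.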



