Russian Hackers Use Sandworm To Spy On Nato And The West

Russian hackers have used the Sandworm vulnerability to successfully spy on Nato and other western government computers by taking advantage of a bug in Microsoft’s Windows operating system.

A spokesperson for Nato confirmed that it is investigating the attack and there is speculation that the hackers have been attempting to glean information about the ongoing situation in Ukraine.

"Nato is looking into evidence of potential hacking or other exploitations on its networks that are linked to the Internet, in light of this report. This analysis is being conducted by our experts using knowledge gained from previously mitigated cyber-campaigns against Nato, to asses any potential ramifications. No impact is expected on Nato's classified operational networks, which are isolated from the Internet,” read a statement from Nato, according to the BBC.

Microsoft has already moved to fix the problem and will roll out an automatic update to all affected versions of Windows, though it failed to point out which versions these are.

Sandworm got its name due to a reference to the science fiction series Dune in the software code and various other victims have been targeted including Ukraine, Poland, energy, telecommunications and defence firms, plus delegates from the GlobSec conference on defence.

iSight Partners, a cyber-intelligence firm, claims that the hacking campaign has been rolling along for five years though the zero-day vulnerability in Windows has only been used since August and the campaign has been far more damaging since.

iSight’s report on the vulnerability, which is also known as Quedagh, explains that Nato was sent a document in December 2013 about European diplomacy that had malicious software embedded into it. Similar emails were forwarded to regional governments in Ukraine and a prominent academic working on Russia in the US.

"The malware has been around for years - it used to be a denial-of-service bot called Black Energy which these hackers have repurposed for their needs," added senior reseacher Mikko Hypponen. "The interesting thing is that when it is detected by IT staff it will show up as Black Energy, which they will see as a very old run-of-the-mill bug that didn't do much."

iSight couldn’t say if the hackers have ties to the Russian government though an analyst did add that the campaign bears all the hallmarks of being supported by a nation state due to the fact it is collecting data and not making money.

Image Credit: Flickr (Contando Estrelas)