Microsoft Accuses Russian Hackers Of Exploiting Windows

A Russian hacking collective called ‘Fancy Bear’ has been blamed by Microsoft for exploiting a flaw in its operating system, Windows, that was recently made public by Google.

The company said in a security advisory that a hacking group previously linked to the Russian government and US political hacks has exploited a newly discovered Windows zero-day flaw that was outed by Google earlier this week.

Microsoft said that the hacking group ‘Strontium’, more commonly known as Fancy Bear, had carried out a small number of attacks using spear phishing techniques.

The hackers first compromised Adobe Flash, according to Microsoft, before using a second exploit to target a Windows kernel vulnerability in Vista through to Windows 10. From there, the so-called Fancy Bear hackers were able to install a backdoor on a victim’s PC.

Terry Myerson, executive vice president of Microsoft’s Windows and Devices division, said: “Recently, the activity group that Microsoft Threat Intelligence calls Strontium conducted a low-volume spear phishing campaign.

“This attack campaign, originally identified by Google’s Threat Analysis Group, used two zero-day vulnerabilities in Adobe Flash and the down-level Windows kernel to target a specific set of customers.”

Myerson added that Microsoft “has attributed more zero-day exploits to Strontium than any other tracked group in 2016”.


Microsoft said that a patch to protect users against this latest threat will be released on 8 November, but Myerson has advised customers to upgrade to the latest version of Windows 10 to be protected immediately.

“Customers using Microsoft Edge on Windows 10 Anniversary Update are known to be protected from versions of this attack observed in the wild,” he said.

The technology company thanked Google for bringing the vulnerability to its attention, although it wasn’t too pleased that the firm made it public.

“We believe responsible technology industry participation puts the customer first, and requires coordinated vulnerability disclosure,” the firm said.

“Google’s decision to disclose these vulnerabilities before patches are broadly available and tested is disappointing, and puts customers at increased risk.”

Google has, however, maintained that disclosing known and “actively exploited” vulnerabilities is in the interest of people seeking to secure their systems.

