BOSTON – Hackers, probably Russian, have exploited a bug in Microsoft Windows and other software to spy on computers used by NATO, the European Union, Ukraine and companies in the energy and telecommunications sectors, according to cyber-intelligence firm iSight Partners.
ISight said it did not know what data the hackers had found, but it suspected they were seeking information on the Ukraine crisis, as well as diplomatic, energy and telecommunications data, based on the targets and the subject-matter of infected emails sent to victims. The emails injected tainted code into the computers.
The five-year cyber espionage campaign is still ongoing, iSight said, dubbing the operation “Sandworm Team” because it found references to the “Dune” science fiction series in the hackers’ software code.
The operation used a variety of methods of attack, iSight said, adding that the hackers began only in August to exploit a vulnerability found in most versions of Windows.
ISight said it told Microsoft Corp. about the bug and held off on disclosing the problem so the software maker had time to fix it.
A Microsoft spokesman said the company plans to roll out an automatic update to affected versions of Windows on Tuesday.
There was no immediate comment from the Russian government, NATO, the EU or the Ukrainian government.
Researchers with Dallas-based iSight said they believed the hackers are Russian because of language clues in the software code and because of their choice of targets.
“Your targets almost certainly have to do with your interests. We see strong ties to Russian origins here,” said John Hultquist, head of iSight’s cyber-espionage practice. The firm planned to release a 16-page report on Sandworm Team to its clients on Tuesday.
While technical indicators do not indicate whether the hackers have ties to the Russian government, Hultquist said he believed they were supported by a nation state because they were engaging in espionage, not cybercrime.
For example, in December 2013, NATO was targeted with a document on European diplomacy that carried malicious code. Several regional governments in the Ukraine and an academic working on Russian issues in the United States were sent tainted emails that claimed to contain a list of pro-Russian extremist activities, according to iSight.
The firm said its researchers uncovered evidence that some Ukrainian government computer systems were infected, but that they were unable to confirm specific victims remotely.
Still, researchers believe a large percentage of those targeted systems were infected because the malicious software used was sophisticated, using a previously unknown method of attack that skirted virtually all known security protections, said Drew Robinson, a senior technical analyst with iSight Partners.
ISight said it had alerted some victims of Sandworm Team, but declined to elaborate.
The iSight research is the latest in a series of private-sector security reports that link Moscow to some of the most sophisticated cyber-espionage uncovered to date.
Russia’s Kaspersky Lab in August released details of a campaign that attacked two spy agencies and hundreds of government and military targets across Europe and the Middle East.