
Russian Cyber Attackers Used 2 Unknown Flaws — U.S. Security Firm


SAN FRANCISCO — A widely reported Russian cyber-spying campaign against diplomatic targets in the United States and elsewhere has been using two previously unknown flaws in software to penetrate target machines, a security company investigating the matter said on Saturday.

FireEye Inc, a prominent U.S. security company, said the espionage effort took advantage of holes in Adobe Systems Inc's Flash software for viewing active content and Microsoft Corp's ubiquitous Windows operating system.

The campaign has been tied by other firms to a serious breach at U.S. State Department computers. The same hackers are also believed to have broken into White House machines containing unclassified but sensitive information such as the president's travel schedule.

FireEye has been assisting the agencies probing those attacks, but it said it could not comment on whether the spies are the same ones who penetrated the White House because that would be classified as secret.

FireEye said that Adobe had issued a fix for the security weakness on Tuesday, so users with the most current versions should be protected. The Microsoft problem by itself is less dangerous, since it involves gaining enhanced powers on a computer beyond those of an ordinary user.

A Microsoft spokesman said the company was working on a patch.

In October, FireEye said the group it calls APT28 had been at work since 2007 and had targeted U.S. defense attaches and military contractors, NATO alliance offices and government officials in Georgia and other countries of special interest to the Kremlin.

Days before that report, security firm Trend Micro Inc described a campaign it called "Pawn Storm" against computers in the State Department, Russian dissidents, NATO and other Eastern European nations. Because Pawn Storm and APT28 used some of the same tools and hit the same targets, other information security professionals concluded they were the same hackers.

On Thursday, Trend Micro said that the Pawn Storm hackers had increased their activity recently and had targeted bloggers who had interviewed President Barack Obama. It also said the group had "probably" stolen online credentials of a military correspondent at an unnamed major U.S. newspaper.

Though the security flaws APT28 used are new, it had been well established that the group was highly skilled. Saturday's report is one in a flurry generated by rival firms ahead of the RSA Conference this week in San Francisco, the largest annual technology security gathering in the country.
