Cyber Monday Deal: Up to 60% off InvestingProCLAIM SALE

Russian cyber attackers used two unknown flaws - security company

Published 19/04/2015, 01:39
© Reuters. Illustration file picture shows a man typing on a computer keyboard in Warsaw
MSFT
-
ADBE
-

By Joseph Menn

SAN FRANCISCO (Reuters) - A widely reported Russian cyber-spying campaign against diplomatic targets in the United States and elsewhere has been using two previously unknown flaws in software to penetrate target machines, a security company investigating the matter said on Saturday.

FireEye Inc, a prominent U.S. security company, said the espionage effort took advantage of holes in Adobe Systems (NASDAQ:ADBE) Inc's Flash software for viewing active content and Microsoft Corp (NASDAQ:MSFT)'s ubiquitous Windows operating system.

The campaign has been tied by other firms to a serious breach at U.S. State Department computers. The same hackers are also believed to have broken into White House machines containing unclassified but sensitive information such as the president's travel schedule.

FireEye has been assisting the agencies probing those attacks, but it said it could not comment on whether the spies are the same ones who penetrated the White House because that would be classified as secret.

FireEye said that Adobe had issued a fix for the security weakness on Tuesday, so that users with the most current versions should be protected. The Microsoft problem by itself is less dangerous, since it involves enhanced powers on a computer from those of an ordinary user.

A Microsoft spokesman said the company was working on a patch.

In October, FireEye said the group it calls APT28 had been at work since 2007 and had targeted U.S. defence attaches and military contractors, NATO alliance offices, and government officials in Georgia and other countries of special interest to the Kremlin.

Days before that report, security firm Trend Micro Inc described a campaign it called "Pawn Storm" against computers in the State Department, Russian dissidents, NATO and other Eastern European nations. Because Pawn Storm and APT28 used some of the same tools and hit the same targets, other information security professionals concluded they were the same hackers.

On Thursday, Trend Micro said that the Pawn Storm hackers had increased their activity recently and had targeted bloggers who had interviewed President Barack Obama. It also said the group had "probably" stolen online credentials of a military correspondent at an unnamed major U.S. newspaper.

© Reuters. Illustration file picture shows a man typing on a computer keyboard in Warsaw

Though the security flaws APT28 used are new, it had been well established that the group was highly skilled. Saturday's report is one in a flurry generated by rival firms ahead of the RSA Conference next week in San Francisco, the largest annual technology security gathering in the country.

Latest comments

Risk Disclosure: Trading in financial instruments and/or cryptocurrencies involves high risks including the risk of losing some, or all, of your investment amount, and may not be suitable for all investors. Prices of cryptocurrencies are extremely volatile and may be affected by external factors such as financial, regulatory or political events. Trading on margin increases the financial risks.
Before deciding to trade in financial instrument or cryptocurrencies you should be fully informed of the risks and costs associated with trading the financial markets, carefully consider your investment objectives, level of experience, and risk appetite, and seek professional advice where needed.
Fusion Media would like to remind you that the data contained in this website is not necessarily real-time nor accurate. The data and prices on the website are not necessarily provided by any market or exchange, but may be provided by market makers, and so prices may not be accurate and may differ from the actual price at any given market, meaning prices are indicative and not appropriate for trading purposes. Fusion Media and any provider of the data contained in this website will not accept liability for any loss or damage as a result of your trading, or your reliance on the information contained within this website.
It is prohibited to use, store, reproduce, display, modify, transmit or distribute the data contained in this website without the explicit prior written permission of Fusion Media and/or the data provider. All intellectual property rights are reserved by the providers and/or the exchange providing the data contained in this website.
Fusion Media may be compensated by the advertisers that appear on the website, based on your interaction with the advertisements or advertisers.
© 2007-2024 - Fusion Media Limited. All Rights Reserved.