Microsoft Says Russian Hackers Exploited Flaw in Windows – Wall Street Journal

Microsoft CEO Satya Nadella speaks during an event in India earlier this year.
ENLARGE

The hackers believed responsible for breaking into computers at the Democratic National Committee have exploited previously undisclosed flaws in Microsoft Corp.’s Windows operating system and Adobe Systems Inc.’s Flash software, Microsoft said Tuesday.

It is unclear if those hackers, reportedly tied to Russia, used the newly disclosed vulnerabilities to hack into the DNC.

Microsoft Tuesday criticized Alphabet Inc’s Google for publicly identifying the Windows flaw on Monday, before Microsoft had had a chance to issue a patch.

In a blog post, Terry Myerson, executive vice president of Microsoft’s Windows and Devices Group, said the hackers, whom the company has dubbed Strontium, used “phishing” email messages leveraging vulnerabilities in Windows and Adobe Flash to target a specific set of customers.

People familiar with the matter said Strontium is the same group that others have identified as Fancy Bear and accused of breaking into the DNC’s systems. U.S. government officials have blamed Russia for hacks of the DNC and other prominent Washington players this year.

Adobe said that it patched the flaw in its software on Oct. 26, five days after being notified by Google of its existence. “We do not have any information on the specific use of the exploit,” a spokeswoman said by email.

An Alphabet spokesman declined to comment.

Microsoft expects to issue a patch to resolve the issue Nov. 8. A company spokesman declined to comment beyond the blog post.

In the blog post, Mr. Myerson said users of its Edge browser on computers running the most current version of its Windows 10 operating system are protected from the attack.

In a security report last year, Microsoft said Strontium has been active since 2007 and is primarily interested in “sensitive information” rather than financial gain. According to the report, Strontium’s targets have included governments, diplomatic institutions, military forces and installations in NATO member states, as well as journalists and political advisers.

“The group’s persistent use of spear phishing tactics and access to previously undiscovered zero-day exploits have made it a highly resilient threat,” the report said.

In phishing attacks, hackers trick victims into visiting webpages that they control, either to trick the victim into disclosing a username and password, or to use specially crafted software to take control of the victim’s computer. A “zero-day” exploit is an attack that leverages a previously undisclosed software bug.

In its security report, Microsoft noted that Strontium typically identifies and profiles potential victims using email lists and information harvested from public forums or social-networking sites. The group relies on past phishing attacks to augment its data, sifting through emails it’s collected to identify connections between prior targets and the current target.

The group that security investigators have linked to breaches at the Democratic National Committee and the Democratic Congressional Campaign Committee has been given several names by computer security firms. CrowdStrike Inc. calls it “Fancy Bear.” Microsoft uses the name Strontium.

Files taken from the DNC and others have been posted to the internet by WikiLeaks and another group calling itself DC Leaks.

Last month, U.S. intelligence agencies took the unusual step of jointly accusing the Russian government of attempted interference in the U.S. election by leaking email messages that it had hacked from the Democratic National Committee and others. Russia has denied involvement in these hacks.

Write to Jay Greene at Jay.Greene@wsj.com and Robert McMillan at Robert.Mcmillan@wsj.com

Comments

Write a Reply or Comment:

Your email address will not be published.*