Ars Technica reports that suspected Russian cyber attackers have been exploiting a 0-day vulnerability in Windows over the last year. Prime targets included NATO, Ukrainian and Polish government agencies, and a variety of sensitive European industries.
The security flaw was patched today as part of Microsoft's Patch Tuesday update cycle. Surprisingly, newer versions of Windows were vulnerable while the older Windows XP was not. The campaign is dubbed "Sandworm" because security researchers found references to Frank Herbert's Dune series in the attackers' malware; the name refers to the group, not to self-propagating worm malware, since the page describes targeted espionage. The attack is reportedly very subtle, and anti-malware makers have had a hard time writing signatures for it.
"We can confirm that NATO was hit; we know from several sources that multiple organizations in the Ukraine were targeted," said John Hultquist, senior manager of cyber-espionage threat intelligence for iSIGHT. "We have seen them using Ukrainian infrastructure as part of their attacks."
The Sandworm Team, so named because its malware includes references to Frank Herbert's Dune series, also used a previously unknown software flaw, or 0-day vulnerability, to compromise some targets. Using the security hole, the group could compromise systems running fully patched versions of Windows Vista, Windows 7, Windows 8, and Windows RT. Microsoft released a patch for the flaw as part of its regular Patch Tuesday updates.