Microsoft says it is under attack from Russian hackers Fancy Bear

2 Nov 2016

A Russian Bear. The US has formally accused Russia of orchestrating attacks on US bodies. Image: Canon Boy/Shutterstock

Microsoft says the attack on Windows is the handiwork of Russian hacker group Fancy Bear, which normally targets political parties.

It kicked off yesterday when Google revealed the existence of a zero-day flaw, or security hole, that makes it possible to take control of a user’s computer.

Microsoft has attributed the attack to Russian hacker group Strontium, otherwise known in the media as Fancy Bear. The group has previously spearheaded attacks on political sites such as the Democrats in the US, as well as the World Anti-Doping Agency.

Microsoft said that as well as the vulnerability in Windows pointed out by Google, the tech giant is also enduring a low-volume spear-phishing campaign orchestrated by the Russian hacker group.

Google has some patching up to do with Microsoft

Microsoft said that a patch to protect Windows users against the new threat will be released on 8 November, which is election day in the US.

The US government last month formally blamed the Russian government for the hacks of the Democratic Party emails and their disclosure to WikiLeaks.

Microsoft said that it is coordinating with Google and Adobe to investigate the attacks by Fancy Bear.

“Windows is the only platform with a customer commitment to investigate reported security issues and proactively update impacted devices as soon as possible,” said Terry Myerson, vice president for Windows and Devices at Microsoft. “And we take this responsibility very seriously.

“Recently, the activity group that Microsoft Threat Intelligence calls Strontium conducted a low-volume spear-phishing campaign.

“Customers using Microsoft Edge on Windows 10 Anniversary Update are known to be protected from versions of this attack observed in the wild.

“This attack campaign, originally identified by Google’s threat analysis group, used two zero-day vulnerabilities in Adobe Flash and the down-level Windows kernel to target a specific set of customers.”

Myerson did not hide Microsoft’s displeasure at Google’s decision to reveal the threat.

“Google’s decision to disclose these vulnerabilities before patches are broadly available and tested is disappointing, and puts customers at increased risk,” he said.

“To address these types of sophisticated attacks, Microsoft recommends that all customers upgrade to Windows 10, the most secure operating system we’ve ever built, complete with advanced protection for consumers and enterprises at every layer of the security stack.

“Customers who have enabled Windows Defender Advanced Threat Protection (ATP) will detect Strontium’s attempted attacks, thanks to ATP’s generic behaviour detection analytics and up-to-date threat intelligence,” Myerson said.

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years
