Russian hackers used Windows bug to target Nato

“Although we have also seen as many attacks from the Quedagh bug in Poland as in Ukraine and we can’t really explain that,” he said.

The ex-Soviet states had always been the number one source of malware, agreed Mr Hypponen, and since the Ukraine crisis he too has seen a rise in the number of espionage-based attacks.

The iSight research team said that it was tracking a “growing drum beat” of cyber-espionage activities emanating from Russia.

“The interesting thing is that when it is detected by IT staff it will show up as Black Energy, which they will see as a very old run-of-the-mill bug that didn’t do much.”

“The malware has been around for years – it used to be a denial-of-service bot called Black Energy which these hackers have repurposed for their needs.”

Senior researcher Mikko Hypponen said that the malware had gone undetected for years because it had been repackaged from an even older bug.

Other research firms, including F-Secure, have previously reported on the Sandworm bug – albeit under another name, Quedagh.

At the same time, several regional governments in the Ukraine and an academic working on Russian issues in the US were sent malicious emails, claiming to contain a list of pro-Russian extremist activities.

In a 16-page report, iSight explained how, in December 2013, Nato was targeted with a document purporting to be about European diplomacy but with malicious software embedded in it.

Although iSight could not say whether the hackers had ties with the Russian government, one senior analyst said he thought the campaign was supported by a nation state because the hackers were engaged in information-gathering rather than making money.

The hacking campaign had been going on for five years, although the use of the so-called zero-day vulnerability in Windows (meaning a bug that Microsoft was not previously aware of) began only in August this year and allowed the hackers to ramp up their campaign and target more sources.

Other victims include energy, telecommunications and defence firms, delegates of the GlobSec conference about national security and an academic who was an expert in Russian-Ukraine relations.

The hacking campaign has been dubbed Sandworm because the researchers found reference to the science fiction series Dune in the software code.

A spokesman said that the company would roll out an automatic update to affected versions of Windows.

Microsoft said it would fix the bug.

It did not know what data the hackers had accessed but speculated that they were looking for information about the crisis in Ukraine.

The same bug was used to access computers in Ukraine and Poland, said cyber-intelligence firm iSight Partners.

Russian hackers exploited a bug in Microsoft’s Windows to spy on computers used by Nato and western governments, a report indicates.

Ukraine far right battles police at parliament in Kiev

Tensions are mounting in Ukraine ahead of elections scheduled for 26 October. There are some doubts whether Svoboda will pass the 5% threshold necessary to get parliamentary seats.

At times they were allied with the Nazis and are said to have carried out atrocities against civilians.

UPA members fought for Ukrainian independence in the war, but recognising their role is highly controversial, the BBC’s David Stern reports from Kiev.

Among the many Ukrainian flags in the crowd there were also flags of the far-right Svoboda and Right Sector groups. Both groups later denied that their supporters had been involved in the violence.

At least one petrol bomb was thrown at the parliament building in the unrest and there are unconfirmed reports that some bullets were fired.

MPs did not vote to recognise the wartime Ukrainian Insurgent Army (UPA).

Most of the crowd has now dispersed. Police used batons in the clashes and linked arms to protect the parliament.

Violence erupted when the protesters demanded that MPs pass a law to recognise a World War II nationalist group which opposed Soviet forces.

Ukrainian nationalists have hurled smoke canisters and stones at riot police during clashes outside the parliament in Kiev.

Russian Hackers Used Bug in Microsoft Windows for Spying, Report Says

Many of the emails used were specifically related to the Ukrainian conflict and to wider issues linked to Russia, the company said.

ISight said the group often used so-called spear-phishing techniques in its attacks against Western government and commercial targets. That involved sending emails to prospective targets with documents attached that, when opened, could allow the attacker to gain control of the computer.

ISight said it had called the Russian hackers the “Sandworm Team” because they used encoded references to the science fiction series “Dune” in their attacks.

Representatives for Microsoft and the Russian government were not immediately available for comment.

While the vulnerability affected many versions of Microsoft Windows, iSight said the Russian hackers appeared to be the only group to use the bug. The company added, however, that other companies and organizations may also have been affected by the attacks.

“The use of this zero-day vulnerability virtually guarantees that all of those entities targeted fell victim to some degree,” the computer security company said in a statement.

Despite efforts to thwart the Russian hackers’ attacks, iSight said using the Microsoft zero-day bug and other illegal tactics almost certainly allowed the hackers to gain some access to their targets.

The bug affected versions from Windows Vista to the company’s latest software, Windows 8.1, though Microsoft is expected to release an update on Tuesday to close the potential vulnerability.

The illegal activities started as early as 2009 and used a variety of techniques to gain access to delicate information. ISight said the Russian hackers started using the so-called zero-day vulnerability in Microsoft’s Windows operating system only in the late summer.

That included the NATO summit meeting in Wales in early September regarding the Ukrainian conflict in which the Russian hackers targeted the Eastern European country’s government and at least one American organization, the report said.

While it is unclear what type of information may have been accessed, iSight said that the targets of the attacks were often linked to the continuing standoff in Ukraine between Russia and the West.

The targets also included European energy and telecommunications companies and an undisclosed academic organization in the United States, the cybersecurity report said.

LONDON — Russian hackers used a bug in Microsoft’s Windows operating system to spy on several Western governments, NATO and the Ukrainian government, according to a report released Tuesday by iSight Partners, a computer security firm in Dallas.

Russian Hackers Target NATO, Ukraine and Others

(Reporting by Jim Finkle; Additional reporting by Alastair Macdonald; Editing by Tiffany Wu)

Russia’s Kaspersky Lab in August released details on a campaign that attacked two spy agencies and hundreds of government and military targets across Europe and the Middle East.

The iSight research is the latest in a series of private sector security reports that link Moscow to some of the most sophisticated cyber espionage uncovered to date.

ISight said it had alerted some victims of Sandworm Team, but declined to elaborate.

Still, researchers believe a large percentage of those targeted systems were infected because the malicious software used was very sophisticated, using a previously unknown attack method that enabled it to get past virtually all known security protections, said Drew Robinson, a senior technical analyst with iSight Partners.

The firm said its researchers uncovered evidence that some Ukrainian government computer systems were infected, but they were unable to remotely confirm specific victims among those systems that had been targeted.

For example, in December 2013, NATO was targeted with a malicious document on European diplomacy. Several regional governments in the Ukraine and an academic working on Russian issues in the United States were sent tainted emails that claimed to contain a list of pro-Russian extremist activities, according to iSight.

While technical indicators do not indicate whether the hackers have ties to the Russian government, Hulquist said he believed they were supported by a nation state because they were engaging in espionage, not cyber crime.

“Your targets almost certainly have to do with your interests. We see strong ties to Russian origins here,” said John Hulquist, head of iSight’s cyber espionage practice. The firm plans to release a 16-page report on Sandworm Team to its clients on Tuesday.

Researchers with Dallas-based iSight said they believed the hackers are Russian because of language clues in the software code and because of their choice of targets.

There was no immediate comment from the Russian government, NATO, the EU or the Ukraine government.

A Microsoft spokesman said the company plans to roll out an automatic update to affected versions of Windows on Tuesday.

ISight said it told Microsoft Corp about the bug and held off on disclosing the problem so the software maker had time to fix it.

The operation used a variety of ways to attack the targets over the years, iSight said, adding that the hackers began only in August to exploit a vulnerability found in most versions of Windows.

The five-year cyber espionage campaign is still going on, according to iSight, which dubbed the operation “Sandworm Team” because it found references to the “Dune” science fiction series in the software code used by the hackers.

ISight said it did not know what data had been found by the hackers, though it suspected they were seeking information on the Ukraine crisis, as well as diplomatic, energy and telecom issues, based on the targets and the contents of phishing emails used to infect computers with tainted files.

BOSTON — Russian hackers exploited a bug in Microsoft Windows and other software to spy on computers used by NATO, the European Union, Ukraine and companies in the energy and telecommunications sectors, according to cyber intelligence firm iSight Partners.

Russian Diplomat Calls Australian Leader Immature

A senator for the influential Palmer United Party, Jacqui Lambie, said in a statement that Abbott and opposition leader Bill Shorten, who has called on Putin to pull out of the G20 summit, should “stop acting like hormone-affected school boys trying to out-macho each other” and keep lines of communications open with Russia.

“But I certainly expect that while he’s a guest of Australia, he will undertake to have a conversation with the Australian prime minister,” Abbott said.

Abbott explained that no request for a bilateral meeting had been made yet because his program had yet to be finalized.

“There has not been a request for bilateral meetings between Russian and Australian leaders, so we are not exactly sure where and when Prime Minister Abbott would like to shirtfront President Putin,” he said.

Odoevski said Putin was preparing to only attend the multilateral meeting of government leaders.

“We’ve all seen the impact of Russian policy on the innocent people on board Flight MH17. I think the very least I can do, speaking for Australia’s dead and speaking for the families of Australia’s dead and indeed speaking for the world’s victims is to have a very robust conversation with President Putin,” he added.

I am “absolutely determined to have a very robust conversation with the Russian President,” Abbott told reporters.

Abbott toned down his language on Tuesday, failing to directly answer questions about whether he would carry through with his threat against Putin or whether he regretted making it.

Abbott’s threat was hyperbole. But the embassy’s rare public response underscored a deepening bilateral rift.

Odoevski did not immediately respond to Associated Press’s request for comment on Tuesday.

“Hopefully there’s no fight. Well, definitely we admire the Australian prime minister. He’s very fit, but the Russian president, he’s a professional judo wrestler,” Odoevski told Ten Network television.

“We consider the recent statements tough talk; we consider it immature,” Odoevski told Australian Associated Press.

Alexander Odoevski, third secretary of the Russian Embassy in Canberra, described Abbott’s threat as unhelpful.

Abbott is an athletic 56-year-old former amateur boxer who famously punched his Treasurer Joe Hockey unconscious when they were both Sydney University students decades ago. Putin is a 62-year-old former KGB officer and judo black belt.

Abbott told reporters on Monday he was “going to shirtfront Mr. Putin,” using an Australian Rules Football term for a head-on shoulder charge to an opponent’s chest aimed at knocking the opponent backward to the ground.

Prime Minister Tony Abbott intends to have a one-on-one meeting with Putin on the sidelines of a summit of the world’s 20 biggest economies in Brisbane next month to demand Russian cooperation with a Dutch-led investigation into the shooting down of a Malaysia airliner in Ukraine by Russian-backed separatists with the loss of 298 lives in July.

A Russian diplomat on Tuesday dismissed the Australian prime minister’s threat of a physical confrontation with the Russian president as immature, warning that Vladimir Putin is a judo expert.

Australia PM vows to ‘shirtfront’ Putin at G20 over MH17

The G20 leaders’ summit takes place from November 15-16.

“But nevertheless, it’s not up to us to determine who is and who is not a member of the G20. I want the G20 to continue. I want Australia to be a constructive and strong member of the G20. I don’t want to be a G20 wrecker.”

“Now, I think that there’ll be a lot of tough conversations with Russia and I suspect that the conversation that I have with Mr. Putin will be the toughest conversation of all.

“While Australia is the president of the G20 this year, we can’t make unilateral decisions. It has to be by consensus and the G20 consensus is that Russia should come,” said Abbott.

Australia had initially been reluctant for Putin to attend the G20, but member nations indicated that he should, in order to address the geo-political tensions.

Kiev and the West have accused Moscow-backed separatists of shooting down the plane with a surface-to-air BUK missile supplied by Russia. Moscow denies the charge and has pointed the finger back at Kiev.

“But we now demand that you fully cooperate with the criminal investigation, and if the criminal investigation identifies suspects that you have some influence over, they’ve got to be produced and justice has got to be done.”

“We accept that you didn’t want this to happen,” he added.

“I’m going to be saying to Mr. Putin — Australians were murdered and they were murdered by Russian-backed rebels using Russian supplied equipment. We are very unhappy about this.

“I’m going to shirtfront Mr. Putin — you bet I am,” Abbott told reporters, referring to an Australian sporting term in which a player charges someone.

He said Monday he would be confronting Putin over the tragedy.

Abbott has used tough language against Russia since a Malaysia Airlines plane was shot down over eastern Ukraine in July, killing all 298 onboard — including 38 Australian citizens or residents.

But Treasurer Joe Hockey confirmed Sunday the Russian leader would attend, despite concerns about Russia’s actions in Ukraine in recent months.

Australia is hosting the summit in Brisbane and there had been question marks over whether Putin would take part.

Prime Minister Tony Abbott on Monday vowed to “shirtfront”, or confront, Russian President Vladimir Putin at the G20 summit next month over the loss of Australian lives in the MH17 crash over Ukraine.

Jacqui Lambie says Vladimir Putin has ‘great values’, labels Tony Abbott’s ‘shirtfront’ comment ‘immature’

First posted October 14, 2014 09:43:47


“I think Vladimir Putin would be better not coming to Australia but if he is going to come to Australia, then Tony Abbott is absolutely right to front him and to deal with him.”

“Vladimir Putin has thumbed his nose at the world, he’s thumbed his nose at the victims of MH17 and their families,” he said.

Eighteen Victorians were among those killed and Premier Denis Napthine said Mr Putin should be sent a clear message when he arrives in Brisbane.

“It was an act of murder. I believe Putin knows more about what happened with MH17 than he’s let on,” Mr Shorten said.

Mr Shorten said yesterday there was evidence to indicate “indirect, if not direct, Russian involvement in the shooting down of this plane”.

“They were murdered by Russian-backed rebels using Russian-supplied equipment.”

“I am going to be saying to Mr Putin [that] Australians were murdered.

“Look, I’m going to shirtfront Mr Putin … you bet I am,” Mr Abbott told reporters in Queensland.

Russia has backed separatists in eastern Ukraine who are suspected of shooting down the Malaysia Airlines flight.

Mr Abbott said yesterday he would “shirtfront” Mr Putin in Brisbane next month over the deaths of 38 Australian citizens and residents in the MH17 crash.

“I would suggest the PM start acting like a PM and extend the olive branch out.”

“I think the rhetoric of the Prime Minister is extremely immature and there is absolutely no need for that,” she said.

She said Mr Putin did not pull the trigger that led to MH17’s destruction and called on Mr Abbott and Opposition Leader Bill Shorten to “stop acting like hormone-affected schoolboys trying to outmuscle each other on the footy field”.

“And unlike most Australian political leaders, there’s no BS about him.”

“He’s impressed me with his no-nonsense attitude to the threat of Islamic extremism,” she wrote.

Senator Lambie released a statement this morning in which she said Mr Putin was an “important and powerful world leader who must be listened to and spoken with”.

“He’s certainly doing his bit to stamp out terrorism and I guess you’ve got to pay the man for that.”

“I think he has very strong leadership. He has great values.

“Yeah, I do like Vladimir Putin,” she told the ABC’s Radio National.

Senator Lambie said Mr Abbott had to realise he was no longer in the school yard and she appealed to the Government to maintain a civil relationship with Mr Putin.

Mr Abbott made the remarks yesterday when confirming he would hold talks with Mr Putin at next month’s G20 summit over the death of Australians in the MH17 disaster.

Palmer United Party senator Jacqui Lambie has rebuked Prime Minister Tony Abbott for saying he will “shirtfront” Russian president Vladimir Putin, labelling the comment “immature”.


October 14, 2014 10:59:26

Russia’s ruble hits new record low as oil price adds pressure

“However, a weaker ruble is likely to stabilise the current account and also alleviate the effects of a drop in oil prices on the budget.”

“Otherwise, we see growth turning negative and the ruble hitting new lows,” it said in a research note.

“We estimate growth is likely to remain positive only with oil prices above $92-93/barrel.

Renaissance Capital warned that a sustained drop in oil price to around the $90 mark would see the ruble hover close to 41 to the dollar, while a drop of another $10 could see it hit 42.

That level is well beneath the $100 per barrel mark, the price which Russia needs to shore up its public finances.

Oil prices on Monday fell to a fresh four-year low, with Brent North Sea crude diving to just over $88.

The announced troop pullback did little to staunch the slide of the ruble, and the fall in oil prices has added pressure on the government which remains heavily reliant on oil revenues.

- Oil price hurts finances -

The fall in the ruble makes imported goods more expensive for Russians, and could eventually undermine popular support for Putin which has in large part been based on the country’s economic improvement since he took power in 2000.

Over the weekend he ordered nearly 18,000 troops who had been deployed near the border back to their bases.

In recent days, Russian President Vladimir Putin appears to have been trying to reduce tensions and he is scheduled to meet with Ukrainian leader Petro Poroshenko on Friday.

Capital flight from the country has rocketed and is set to reach some $100 billion this year, according to the International Monetary Fund, while inflation has risen to over 8 percent.

The sanctions have cut a raft of major Russian firms off from key international debt markets, with estimates of some $55 billion of loan repayments coming due by the end of the year.

Russia’s economy has been hit hard by the fallout from the Ukraine crisis, that has seen the EU and US impose the harshest sanctions on Moscow since the end of the Cold War.

“All focus remains on the local currency, given the (central bank’s) consistent interventions and the population’s increasing jitters, as it hovers around the psychologically important level of 40,” to the dollar, Alfa Bank wrote in a note to clients.

VTB Capital warned that an increasingly worried population was beginning to watch the ruble “more closely” but said that there was not yet a rush to convert rubles into foreign currencies.

“Setting a fixed exchange rate would, in my opinion, be a counterproductive decision and in contradiction of market factors,” Russian news agencies quoted her as saying.

Nabiullina however ruled out establishing a fixed exchange rate in a bid to stop the decline.

The fresh slump came after Russia’s central bank chief Elvira Nabiullina said it had pumped some $6 billion into propping up the currency over the past ten days.

The national currency also briefly dropped against the dollar to a record rate of over 40.50, falling further from the psychologically important mark of 40 to the dollar that it broke through last week.

The ruble dropped to 51.27 to the euro, breaking through a previous low seen in March in the wake of Moscow’s annexation of the Black Sea peninsula of Crimea from Ukraine.

Moscow (AFP) – Russia’s ruble slumped Monday to new all-time lows against the euro and dollar despite the central bank spending billions to defend the currency as the spillover from the Ukraine crisis and falling oil prices pummel the economy.