October 15, 2014 by

Zero-Day Used to Hack the NATO, Ukraine, and Others

A Russian group of hackers is reported to have used a zero-day vulnerability within Windows operating system to spy on such targets as NATO, the Ukrainian and Polish governments, the European Union, and other targets. The vulnerability was named the Sandworm (CVE-2014-4114) by the authors of the report, iSIGHT Partners, a cybersecurity firm. The name comes from the discovered bits of Russian references within the code from the DUNE.

The vulnerability affects all of the supported versions of Windows. Windows XP does not seem to be affected.

This includes (along with all versions of each):

  • Windows Vista
  • Windows Server 2008
  • Windows Server 2012
  • Windows 7
  • Windows 8/8.1
  • Windows RT

The Sandworm allowed the hackers:

  • A remote execution of an arbitrary code.
  • To reference to external files (such as INF) from untrusted sources
  • Execution of the downloaded files
  • Steal information

The vulnerability was around for years and it’s not clear how many computers are affected. Microsoft already released a fix- to make sure you’re on the safe side, patch your computer immediately.


About the author

Image of Author

LIFARS is a digital forensics and cybersecurity intelligence firm based in New York City. LIFARS is ranked as one of the top Digital Forensics and Cyber Investigations companies in 2016 and as one of the top cybersecurity companies in the New York metropolitan area for 2015 on the Cybersecurity 500 – a directory of the hottest and most innovative companies to watch in the cybersecurity industry.

Related articles

Hackers Target Ukraine with Phishing Campaign During BadRabbit Attack

The head of Ukraine’s state cyber police has revealed hackers tried to access confidential data...

Read more arrow_forward

Microsoft’s Secret Bug Database was Hacked in 2013

Technology giant Microsoft never disclosed a major breach of its internal database tracking bugs, a...

Read more arrow_forward

100% of Govt Entities See Own Employees as Biggest Cybersecurity Risk

A new cybersecurity report has claimed that the government sector is way behind others in...

Read more arrow_forward