A group of cyber spies targeted the North Atlantic Treaty Organization (NATO), Ukrainian and Polish government agencies, and a variety of sensitive European industries over the last year, in some cases using a previously unknown flaw in Windows systems to infiltrate targets, according to a research report released on Tuesday.
Dubbed "Sandworm" by iSIGHT Partners, the security consultancy that discovered the zero-day attack, the campaign is suspected to be Russian in origin based on technical details, the malware tools used, and the chosen targets, which also included government agencies in Europe and academics in the United States. If confirmed, the attack is an uncommon look into Russia's cyber-espionage capabilities.
"We can confirm that NATO was hit; we know from several sources that multiple organizations in the Ukraine were targeted," said John Hultquist, senior manager of cyber-espionage threat intelligence for iSIGHT. "We have seen them using Ukrainian infrastructure as part of their attacks."