“Russians spied on Western governments for years via PowerPoint vulnerability”




Since 2009, Russia has abused a zero-day exploit for all versions of Windows from Vista onward to spy on Western governments, NATO, multinational corporations and academic institutions. The vulnerability was in PowerPoint.

The espionage campaign abused the new PowerPoint vulnerability, as well as two other already known vulnerabilities and the BlackEnergy crimeware. Targets were sent emails with malicious attachments and were infected after opening the specially crafted presentations. The attackers could then remotely execute code on the affected systems. In addition to the Windows versions listed, Windows Server 2008 and 2012 are vulnerable, but Windows XP is not susceptible.

iSight: Sandworm targets

In Operation Sandworm, Russia focused on obtaining documents and emails with information about Russia itself, Ukraine and other information on the region, but also on getting hold of SSL keys and certificates. Sandworm, named after the large sandworms from the Dune books, was discovered by security company iSight, in collaboration with Microsoft. Further references to Dune could be distilled from the URLs of the command-and-control servers the attackers used, such as ‘arrakis02’, ‘houseatreides94’ and ‘epsiloneridani0’.

In addition to Western governments and NATO, the targets iSight was able to identify include the energy sector, especially in Poland, the European telecommunications sector and American academic institutions, but the company says the zero-day may have been abused against more targets.

The vulnerability lies in the fact that Windows can download and run INF files via packager.dll. With PowerPoint files in particular, according to iSight, the packager lets Package OLE objects refer to external INF files from untrusted sources. Microsoft is now closing the vulnerability.
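For defenders triaging mail attachments, the pattern iSight describes (an embedded Package OLE object pointing at an external INF file) can be hunted for directly. The following Python sketch is an added example, not code from iSight or Microsoft. It assumes an Office Open XML presentation (.pptx/.ppsx) whose embedded objects sit under `ppt/embeddings/` and that the reference is stored as a plain UNC string. The function names, size limit and sample hosts are constructed for illustration, and the scan is a byte-level heuristic rather than a full OLE parser.

```python
import io
import re
import zipfile

# UNC path (\\host\share\...); the extension is checked separately.
UNC = re.compile(r"\\\\[\w.-]+(?:\\[\w.$ -]+)+", re.ASCII)
MAX_PART = 16 * 1024 * 1024  # skip oversized parts (assumed limit)

def find_remote_inf_refs(pptx_bytes):
    """Return (part, unc_path) pairs for embedded objects naming a remote .inf."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(pptx_bytes)) as zf:
        for info in zf.infolist():
            if not info.filename.startswith("ppt/embeddings/"):
                continue
            if info.file_size > MAX_PART:
                continue
            data = zf.read(info)
            # Strings may be stored as ANSI or as UTF-16LE at either alignment.
            views = (data.decode("latin-1"),
                     data.decode("utf-16-le", "ignore"),
                     data[1:].decode("utf-16-le", "ignore"))
            for text in views:
                for match in UNC.finditer(text):
                    path = match.group().rstrip()
                    hit = (info.filename, path)
                    if path.lower().endswith(".inf") and hit not in hits:
                        hits.append(hit)
    return hits

def build_sample():
    """Constructed presentation-like ZIP; hosts and paths are made up."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("ppt/embeddings/oleObject1.bin",
                    b"\x02\x00Package\x00" + rb"\\192.0.2.10\public\slides.inf" + b"\x00")
        zf.writestr("ppt/embeddings/oleObject2.bin",
                    b"\x01" + r"\\files.example.test\share\notes.INF".encode("utf-16-le") + b"\x00\x00")
        zf.writestr("ppt/embeddings/oleObject3.bin",
                    rb"C:\Users\a\chart.xlsx" + b"\x00" + rb"\\192.0.2.10\public\slide1.gif")
    return buf.getvalue()

if __name__ == "__main__":
    for part, path in find_remote_inf_refs(build_sample()):
        print(f"{part}: remote INF reference {path}")
```

A hit is a reason to quarantine the file and inspect it further, not proof of compromise; legacy binary .ppt/.pps files are not ZIP containers and need a different parser.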

