Microsoft Says Russian APT Group Behind Zero-Day Attacks
by Michael Mimoso November 1, 2016 , 5:50 pm
Microsoft has singled out Sofacy, an APT group long thought to have ties
to Russia’s military intelligence arm, the GRU, as the entity behind
targeted attacks that chained Windows kernel and Adobe Flash zero days.
The group, which Microsoft calls Strontium, is also known as APT28, Tsar
Team and Sednit among other identifiers.
Microsoft said the Windows kernel zero day, whose existence and limited
details Google disclosed on Monday, will be patched Nov. 8. Google said
yesterday that it privately reported both zero days, which were used in
tandem in these targeted attacks against unnamed victims, to Microsoft
and Adobe on Oct. 21. Adobe shipped an emergency Flash Player patch on
Oct. 26, while Microsoft had not acknowledged its vulnerability until
Google’s disclosure. Microsoft criticized Google’s action yesterday and
reiterated its stance today in a post that provided some details on the
vulnerability and the attacks.
“We believe responsible technology industry participation puts the
customer first, and requires coordinated vulnerability disclosure,” said
Terry Myerson, executive vice president Windows and Devices Group at
Microsoft. “Google’s decision to disclose these vulnerabilities before
patches are broadly available and tested is disappointing, and puts
customers at increased risk.”
Microsoft added that it is coordinating with Google and Adobe on the
patch, which is being tested by partners. Nov. 8 is Microsoft’s next
scheduled patch release.
Microsoft said that the attacks were spreading in what it called a “low
volume” spear phishing campaign. Sofacy’s targets are largely strategic:
government agencies, diplomatic institutions, military organizations,
defense contractors and public policy research institutes.
“Microsoft has attributed more 0-day exploits to STRONTIUM than any
other tracked group in 2016,” Myerson said.
Sofacy has been blamed by the U.S. government for attacks against the
Democratic National Committee, and Russia has been accused of using
those intrusions to try to influence the U.S. presidential election.
The attacks chained the two zero days to gain persistent access to the
targeted computers, Microsoft said. First, an exploit for the Flash
vulnerability, a use-after-free flaw in Flash’s ActionScript runtime,
was used to take control of the browser process. From inside the
browser, the attackers used a second exploit against a Windows kernel
vulnerability, present in Windows Vista through current versions of
Windows 10, to elevate privileges and escape the browser sandbox. With
elevated privileges they installed a backdoor that gave them persistent
access to the victim’s computer, received further commands and moved
stolen data off the machine.
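The first stage of that chain turns on a use-after-free in a script runtime: once an object is released while the engine still holds a reference to it, the attacker’s next allocation of the same size can reuse the freed slot, and whatever the engine later reads through the stale reference (here, a function pointer) is attacker-chosen data. The C program below is an added illustration of that vulnerability class, not code from the Flash exploit, from Adobe or from Microsoft’s post. To make the slot reuse deterministic it uses a toy LIFO slab allocator standing in for a real heap, and it places a reference-counted fix beside the vulnerable release sequence. Every name in it (slab_alloc, script_object, dangling_target_vulnerable and the rest) is hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical demo of the use-after-free class behind the Flash stage of
 * the chain: a toy slab allocator, a script-engine-like object dispatched
 * through a function pointer, the vulnerable release sequence, and a
 * reference-counted fix. None of this is the Flash bug's own code. */

#define SLOT_SIZE 32
#define NUM_SLOTS 8

typedef void (*handler_fn)(void);

/* A native object whose behaviour is reached through a function pointer,
 * the way a script runtime dispatches into an object's method table. */
typedef struct {
    handler_fn on_event;
    uint32_t   refcount;   /* honoured only by the hardened sequence */
    uint8_t    payload[SLOT_SIZE - sizeof(handler_fn) - sizeof(uint32_t)];
} script_object;

/* Fixed-size slots with a LIFO free list: the slot released by the most
 * recent free is handed back by the very next allocation. Real heaps reuse
 * recently freed chunks in much the same way, which is what heap grooming
 * relies on. The union keeps every slot correctly aligned for the object. */
typedef union { script_object obj; uint8_t raw[SLOT_SIZE]; } slab_slot;
static slab_slot slab[NUM_SLOTS];
static int free_list[NUM_SLOTS];
static int free_top;

static void slab_init(void) {
    memset(slab, 0, sizeof slab);
    free_top = 0;
    for (int i = NUM_SLOTS - 1; i >= 0; i--) free_list[free_top++] = i; /* slot 0 on top */
}
static void *slab_alloc(void) { return free_top ? (void *)&slab[free_list[--free_top]] : NULL; }
static void  slab_free(void *p) { free_list[free_top++] = (int)((slab_slot *)p - slab); }

static void benign_handler(void) { /* what the object was meant to do */ }
uintptr_t benign_handler_address(void) { return (uintptr_t)benign_handler; }

/* Vulnerable sequence: the object is freed while a second reference is still
 * live; the attacker then allocates same-sized bytes, receives the freed slot,
 * and the engine's later "virtual call" through the stale reference reads a
 * function pointer the attacker wrote. Returns the address such a call would
 * jump to. */
uintptr_t dangling_target_vulnerable(uintptr_t attacker_value) {
    slab_init();
    script_object *obj = slab_alloc();
    obj->on_event = benign_handler;
    obj->refcount = 1;

    script_object *stale = obj;       /* reference the engine forgot it handed out */
    slab_free(obj);                   /* object released: `stale` now dangles */

    uint8_t *spray = slab_alloc();    /* same size, so the LIFO list returns obj's slot */
    memset(spray, 0, SLOT_SIZE);
    memcpy(spray, &attacker_value, sizeof attacker_value); /* lands on on_event */

    return (uintptr_t)stale->on_event; /* the engine would now call attacker_value */
}

/* Hardened sequence: every holder owns a reference, so the object cannot be
 * freed while anyone can still reach it. The attacker's allocation lands in
 * a different slot and the call target stays benign_handler. */
static void object_retain(script_object *o)  { o->refcount++; }
static void object_release(script_object *o) { if (--o->refcount == 0) slab_free(o); }

uintptr_t dangling_target_hardened(uintptr_t attacker_value) {
    slab_init();
    script_object *obj = slab_alloc();
    obj->on_event = benign_handler;
    obj->refcount = 1;

    script_object *second = obj;
    object_retain(second);            /* second holder takes its own reference */
    object_release(obj);              /* first holder done: 2 -> 1, nothing freed */

    uint8_t *spray = slab_alloc();    /* a fresh slot, not obj's */
    memset(spray, 0, SLOT_SIZE);
    memcpy(spray, &attacker_value, sizeof attacker_value);

    uintptr_t target = (uintptr_t)second->on_event;
    object_release(second);           /* 1 -> 0: freed only now, with no live references */
    return target;
}

int main(void) {
    uintptr_t attacker_value = 0x41414141u;
    printf("vulnerable: stale call target = 0x%lx (attacker controlled)\n",
           (unsigned long)dangling_target_vulnerable(attacker_value));
    printf("hardened:   stale call target = 0x%lx, benign_handler = 0x%lx\n",
           (unsigned long)dangling_target_hardened(attacker_value),
           (unsigned long)benign_handler_address());
    return 0;
}
```

Build and run with `cc -std=c11 uaf_demo.c -o uaf_demo && ./uaf_demo`. The vulnerable path returns the attacker’s value as the call target; the hardened path returns benign_handler’s address. The program reads the hijacked pointer instead of calling it, so it stays crash-free; in a real engine the call is where control of the browser process is taken, which is the foothold the kernel exploit in the next stage builds on.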
Microsoft said that the particular win32k kernel component targeted in
these attacks had recently been updated with new exploit mitigations
that should prevent these exploits from working. Microsoft also said the
backdoor DLL used in the attacks can be blocked by strict Code Integrity
policies, which Microsoft Edge enforces natively. It is unknown whether
the attacks were successful.
“This does not guarantee that attackers will not find an alternative
workaround, but Microsoft will issue a comprehensive update to address
the issue soon,” Myerson said.
Yesterday’s abrupt disclosure by Google was in accordance with its
internal policy, which gives vendors 60 days to patch critical
vulnerabilities or to notify users about the risk and any workarounds or
temporary mitigations, and seven days to at least publish advice on
critical flaws under active exploitation.
“Seven days is an aggressive timeline and may be too short for some
vendors to update their products, but it should be enough time to
publish advice about possible mitigations, such as temporarily disabling
a service, restricting access, or contacting the vendor for more
information,” Google said in 2013 upon publicizing its disclosure
policy.
See more at: Microsoft Says Russian APT Group Behind Zero-Day Attacks https://wp.me/p3AjUX-vFg