A Russian hacking campaign against diplomatic targets in the US has been using two previously unknown flaws in software to gain access to target machines, said a security company investigating the matter.
FireEye lays bare Russian hacking methods
FireEye is a prominent US security company, and states at the weekend that the spying efforts took advantage of flaws in Adobe Flash software for viewing active content, and Microsoft’s Windows operating system.
The Russian hacking campaign has been linked to serious breaches at US State Department computers, but the same hackers are believed to have also compromised White House computers that contained unclassified but sensitive information such as the president’s travel schedule.
FireEye has been helping the US agencies look into the attacks, but said it cannot comment whether the spies are the same ones that penetrated the White House.
FireEye also says that Adobe issued a fix for the security issues on Tuesday last week, so users with the most current version will be protected. The Microsoft issue is apparently not as dangerous. Microsoft has said they are working on a patch.
Last year, FireEye says the group called APT28 had been active since 2007 and targeted US defence attaches and military contractors, NATO offices, and government officials in Georgia and countries of interest to the Kremlin.
Just before the FireEye report, Trend Micro dubbed the hacking campaign against Statement Department computers, Russian dissidents, and NATO and Eastern European countries “Pawn Storm”. As Pawn Storm and APT28 used the same tools and the same targets, many security professionals believe they are the same hackers.
Trend Micro says that the Pawn Storm hacking group has recently increased their activity and targeted bloggers who has interviewed President Obama, and that the group had probably stolen online logins of military correspondents at a major US newspaper.