Redmond says it’s under attack from Russian hacker group

Nov 2, 2016 10:12 GMT

Microsoft has already expressed its frustration with Google’s decision to go public with an unpatched vulnerability in Windows, especially because it is already being exploited in the wild. It now turns out that the ongoing attacks are connected to a Russian group known for political hacks.

The Redmond-based software giant explained in an advisory on its website that the recently discovered Windows vulnerability is currently being used in attacks launched by a group called STRONTIUM, which is also known as Fancy Bear and is based in Russia.

Microsoft claims that the group conducted “a low-volume spear-phishing campaign” against a series of targets, but the company hasn’t revealed how many of these attacks were successful.

Spear-phishing attacks generally involve messages sent to vulnerable targets through communication channels such as email. These messages include links or attachments that ultimately lead to malicious code used to exploit unpatched flaws.

What’s interesting is that Fancy Bear has often been linked to political hacks, and the United States government itself accused Russia of launching attacks against several American targets in order to disrupt the local election.

Patch to be released on election day

According to Reuters, Fancy Bear works for the GRU, Russia’s military intelligence agency, which the United States has blamed for the attacks against the Democratic Party. Microsoft hasn’t revealed whether any political attacks were launched using the newly discovered Windows vulnerability.

“We have coordinated with Google and Adobe to investigate this malicious campaign and to create a patch for down-level versions of Windows. Along these lines, patches for all versions of Windows are now being tested by many industry participants, and we plan to release them publicly on the next Update Tuesday, Nov 8,” Microsoft says.

Coincidentally, Patch Tuesday, which takes place on the second Tuesday of each month, falls on election day this month. At the moment, Microsoft says that it’s working with Google and Adobe to test the patch, but Windows 10 users with Microsoft Edge are already protected against attacks.