Cut from NPR
Patrick McBride, a spokesman with iSight, says the hackers targeted specific officials using a well-known kind of attack called spear-phishing. Hackers would craft a message with a PowerPoint document attached. For example, they'd say, "We'd like to be involved in the conference."
And when an unknowing recipient opened the corrupted PowerPoint, the file was exploited to load a piece of malware onto the computer that the attacker could then use later to "exfiltrate documents," McBride says.
The hacker group, dubbed the "Sandworm Team," allegedly pulled emails and documents off computers from NATO, Ukrainian government groups, Western European government officials, and energy sector and telecommunications firms.
In the mad dash to grab information, McBride says, the hackers got a little sloppy and dropped hints about their identity. He says they're Russian, "but we can't pinpoint if they work for the Russian government or work in a particular department in the government."
The Russian embassy did not immediately respond to NPR's inquiry. Microsoft says that Tuesday, it's patching the security flaw so that PowerPoint and other Office products can't be exploited again in the same way.