Microsoft says a group that has been linked to Russian state-sponsored hacking and the theft of Democratic National Committee emails was behind a new round of cyberattacks targeting Windows users.

The Redmond company Tuesday said a hacking campaign disclosed this week had exploited previously unknown vulnerabilities in Microsoft’s Windows operating system and Adobe’s Flash in an attempt to gain control of computers. The group behind the attacks, which Microsoft calls Strontium, targeted a “specific set of customers,” Microsoft said without identifying the victims.

Microsoft declined to comment beyond a blog post detailing the attacks. The vulnerability in Windows is slated to be fixed in a patch set for release Nov. 8.

Microsoft didn’t tie the attacks to Russia itself.

But Strontium, which Microsoft security researchers described in a research report last year and which is more widely known as “Fancy Bear” or “APT 28,” has been linked to Russian state hacking.

CrowdStrike, a cybersecurity firm hired by the DNC after the theft and subsequent release via WikiLeaks of 20,000 emails from the campaign group, said Strontium was among the intruders in the DNC’s computer systems earlier this year. The group’s activities fit the pattern of Russian state-sponsored hacking, CrowdStrike says.

U.S. intelligence agencies have accused Russia of hacking American political sites in an attempt to interfere with the U.S. presidential election.

In its analysis last year, Microsoft said Strontium primarily targets government bodies, diplomatic institutions and military forces in NATO-member nations and Eastern European countries. Microsoft didn’t name Russia as a source of the attacks, but the attacks align with some likely targets of Russian state hacking.

The software flaws under attack were disclosed on Monday by Google.

Security researchers with the search giant said they contacted Adobe and Microsoft on Oct. 21 to inform them of the flaws in their software.

Adobe patched the flaw in Flash on Oct. 26.

Google’s policy is to publicly disclose critical security holes if there is no fix a week after informing the company that makes the software.

“This vulnerability is particularly serious because we know it is being actively exploited,” Google security researchers wrote in a blog post.

Microsoft’s statement Tuesday, attributed to Windows and Devices Executive Vice President Terry Myerson, fired back at Google for disclosing the flaws.

“We believe responsible technology industry participation puts the customer first, and requires coordinated vulnerability disclosure,” Myerson said.

“Google’s decision to disclose these vulnerabilities before patches are broadly available and tested is disappointing and puts customers at increased risk.”

Myerson said Windows users running the latest version of Windows 10 and Microsoft’s Edge browser were protected from versions of the attacks the company has observed.

Google declined to comment on Myerson’s statement.

The vulnerabilities disclosed this week were targeted in spear-phishing attacks, Microsoft said.

Such attacks are typically designed to fool an email user into clicking on a malicious link or opening an attachment that grants the attacker access to more of the computer’s functions.