Wednesday, October 15, 2014

ALERT: ZERO DAY NOTICE - Russian Cyberspies Hit Ukrainian, US Targets With Windows Zero-Day Attack via OSINT-X Newswires

The Sandworm cyber espionage gang out of Russia intensifies its attacks in the wake of the Ukrainian conflict and sanctions against Russia with classic zero-day -- plus a popular cybercrime toolkit.

The Russian cyber espionage and cybercrime worlds once again have collided in a newly discovered cyberspying campaign that uses a zero-day flaw found in all supported versions of Microsoft Windows.


CUSTOMER NOTICE:
SLC Security Services LLC is aware of the zero-day and will be rolling out an IDS signature in the next 4 hours to supported customers via our feeds. If you have a signature subscription, your IDS/IPS and firewall alerting will automatically be updated with the new signatures. We will automatically page your security contacts if any of the signatures trip. We have not seen any commercial vendors roll out signatures for this yet, but we will be monitoring and will update this post when other security vendors update their signatures.

UPDATE:
A cyberespionage campaign believed to be based in Russia has been targeting government leaders and institutions for nearly five years, according to researchers with iSight Partners who have examined code used in the attacks.

Also, this particular worm exploits code similar to that covered by another Snort rule that we released in July, so it was already covered by the ruleset. The additional rule released today will indicate the variant by the type of payload attached (1 of 3).

This attack has been in use since 2009, according to our research and the research posted by other security vendors. The attack would have largely gone undetected if not for a mistake in attacking a honeypot setup at a single location, which determined that the traffic from the malware was not normal activity.

