Report: Russians Hacked NATO Summit on Ukraine

Hackers in Russia used a bug in Microsoft Windows to spy on Western governments, NATO, and the Ukrainian government, a new report has found.

The New York Times reported that among those targeted were an American academic organization, European energy and telecommunications companies, and the recent NATO summit covering the Ukrainian conflict, according to the report by computer security firm iSight Partners.

It is still unclear what information the hackers obtained, but the theft was focused on information related to tensions between Russia and the West over Ukraine.

The Russians used a variety of different techniques to obtain information dating back to 2009, but it was late this summer that they made use of a weakness in the Windows software called "zero day."

"The use of this zero-day vulnerability virtually guarantees that all of those entities targeted fell victim to some degree," iSight told The Times.

Microsoft is due to release an update today to resolve the software vulnerability.

The firm referred to the hackers as "Sandworm" because it used encoded references to the science fiction series "Dune."

Other hacking techniques included spear-phishing, which involves sending emails to targets with documents that, when opened, would allow the hackers to take control of the computer. This technique was used against Western governments and commercial targets, The Times said.

In late August, Russian hackers attacked at least five major U.S. banks, stealing vast amounts of customer data. One of the hackers was believed to be government-sponsored.

Earlier that month, a cybersecurity firm published a report finding that Russian hackers stole an estimated 1.2 billion user names and passwords in thefts that spanned 420,000 websites. 

Other reports this year have detailed massive hackings by the Russians of other targets.

Research in July revealed that thousands of companies in the energy industry had been targeted by Russian hackers, who had the capability of damaging or disrupting energy supplies in a number of countries. Targets included energy grid operators, major electricity generation firms, petroleum pipeline operators, and energy industry industrial equipment providers.

And the mastermind of the major cybersecurity breach of Target and Neiman Marcus was identified earlier this year as a Russian. Details for as many as 110 million customers who used credit or debit cards in the stores were stolen last year.

Related Stories:

• Hackers Pose Multiple Threats to Financial Industry
• J.D. Gordon: China Hacking Its Way to Superpower Status