Microsoft has acknowledged a flaw on some of the older versions of Windows. They are not the only one. Adobe too has the same concerns they need to face as well. The vulnerability they have found allows hackers to exploit and attack computers which they say has been tied to attacks to foreign governments.
In a blog post written by one of the company’s executive vice presidents, Terry Meyerson, Microsoft said a hacking group it called STRONTIUM has used this loophole in recent “spear phishing” attacks. Spear phishing involves hackers sending realistic-looking emails or links targeted to users to gain access to their personal data or accounts.
Why was it named STRONTIUM? It is the company’s internal practice to name hacking groups using the periodic table of elements . It is the reason it has been dubbed as such.
Within the cyber security circles, it is better known as the hacking group “Fancy Bear”, which in turn is tied to the Russian government.
Fancy Bear is believed to be behind the hack of the Democratic National Committee (DNC) this election season.
They have tagged STRONTIUM as a group that actively and routinely targets government agencies, diplomatic institutions and military organizations, as well as affiliated private sector organizations linked to but not limited to defense contractors and public policy institutes.
The above mentioned targets are linked to numerous exploits that this loophole is being utilized by STRONTIUM.
The way they operate is by utilizing compromised email accounts moving from victim to victim and moving as far as they can go to guarantee the deepest access they can infiltrate to steal sensitive information.
Microsoft will be releasing a patch for older Windows editions and it will be publicly available on November 8, 2016 which happens to be Election Day. As mentioned earlier, Adobe has been compromised but they have already issued a patch for their software.
Windows 10 does not have this flaw and if it is a viable option, it might be a better route to go upgrade to the latest version.
A few days ago, Google publicly disclosed the Microsoft security vulnerability. Microsoft has criticized Google for sharing the vulnerability before letting them release a patch. According to them, it was “disappointing, and furthermore, puts customers at an increased risk.”