SCF Advanced Search

  • Total Posts: 35661
  • Total Topics: 10903
  • Online Today: 2284
  • Online Ever: 51419
  • (01. January 2010., 10:27:49)

Author Topic: Russia uses “SandWorm” to attack on NATO & EU  (Read 2895 times)

0 Members and 1 Guest are viewing this topic.


  • SCF Administrator
  • *****
  • Posts: 7458
  • KARMA: 313
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • - Samker's Computer Forum
Russia uses “SandWorm” to attack on NATO & EU
« on: 14. October 2014., 19:17:34 »

Security firm iSight Partners has announced discovery of a major zero-day vuln - apparently used in Russian attacks on NATO and the EU - that impacts desktop and server versions of Windows, from Vista and Server 2008 to current versions:

The firm has dubbed vulnerability CVE-2014-4114 “SandWorm” and this one looks to be as terrible as Shai-Hulud in full cry, as iSight says it was “used in [a] Russian cyber-espionage campaign targeting NATO, European Union, Telecommunications and Energy sectors”:
The zero-day is “An exposed dangerous method vulnerability exists in the OLE package manager in Microsoft Windows and Server” that “allows an attacker to remotely execute arbitrary code.”

“The vulnerability exists because Windows allows the OLE packager (packager .dll) to download and execute INF files,” iSight writes. “In the case of the observed exploit, specifically when handling Microsoft PowerPoint files, the packagers allows a Package OLE object to reference arbitrary external files, such as INF files, from untrusted sources.”

“This will cause the referenced files to be downloaded in the case of INF files, to be executed with specific commands”.

iSight says it spotted the flaw while analysing “Tsar Team”, a group of chaps suspected of being Russian cyber-espionage operatives, and in late August “discovered a spear-phishing campaign targeting the Ukrainian government and at least one United States organization” during the NATO summit on the Ukraine crisis staged in Wales.

“On September 3rd, our research and labs teams discovered that the spear-phishing attacks relied on the exploitation of a zero-day vulnerability impacting all supported versions of Microsoft Windows (XP is not impacted) and Windows Server 2008 and 2012,” iSight writes.

“A weaponized PowerPoint document was observed in these attacks.”

“Though we have not observed details on what data was exfiltrated in this campaign, the use of this zero-day vulnerability virtually guarantees that all of those entities targeted fell victim to some degree.”

iSight says it contacted all the impacted parties and has since worked with Microsoft on a fix that should land today.

And in case you're wondering about the name and the Dune reference in the logo, iSight says the exploit's code contains several references to Frank Herbert's classic.



  • SCF VIP Member
  • *****
  • Posts: 3535
  • KARMA: 153
  • Gender: Female
Re: Russia uses “SandWorm” to attack on NATO & EU
« Reply #1 on: 14. October 2014., 19:49:53 »
Sigh...  :down:
More information about bitcoin, altcoin & crypto in general? GO TO

Cuisvis hominis est errare, nullius nisi insipientis in errore persevare... So why not get the real SCForum employees to help YOUR troubled computer!!! SCF Remote PC Assist

Samker's Computer Forum -

Re: Russia uses “SandWorm” to attack on NATO & EU
« Reply #1 on: 14. October 2014., 19:49:53 »
Sponsored Links:


With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters)

Enter your email address to receive daily email with ' - Samker's Computer Forum' newest content:

Terms of Use | Privacy Policy | Advertising