Following Google’s disclosure of a critical vulnerability in Windows earlier this week, Microsoft acknowledged yesterday that a hacking group known as STRONTIUM has been using the flaw for a small number of cyber attacks. According to Reuters, this hacking group has been previously linked to the Russian government as well as recent US political hacks aimed at jeopardizing the upcoming US election.
Microsoft shared in its blog post that the hacking group has been conducting a "low-volume spear-phishing campaign." More details below:
STRONTIUM frequently uses compromised e-mail accounts from one victim to send malicious e-mails to a second victim and will persistently pursue specific targets for months until they are successful in compromising the victims’ computer. Once inside, STRONTIUM moves laterally throughout the victim network, entrenches itself as deeply as possible to guarantee persistent access, and steals sensitive information.
According to the company, the Windows kernel flaw currently exploited by the hacking group is present in all versions of Windows from Windows Vista through Windows 10 Anniversary Update. However, the company notes that "customers using Microsoft Edge on Windows 10 Anniversary Update are known to be protected from versions of this attack observed in the wild." Additionally, enabling Windows Defender Advanced Threat Protection (ATP) will allow consumers to detect a potential attack.
The company did not identify any victims of the cyber attacks in its blog post. More importantly, a fix is already in the works and will be released on the next Patch Tuesday. "Patches for all versions of Windows are now being tested by many industry participants, and we plan to release them publicly on the next Update Tuesday, Nov 8," the company explained. We invite you to read the full blog post to learn more about the exploit and how to detect potential attacks with Windows Defender ATP.