Microsoft's threat teams have attributed the exploitation of the bug to APT28, the same group involved in the breaches of data from the DNC and Clinton's campaign.
Windows Vulnerability
After giving Microsoft a grace period of a week, Google's Threat Analysis Group publicly disclosed the Windows vulnerability. The vulnerability is being exploited in several malware attacks.
Windows Acknowledges
Terry Myerson, Executive Vice President of Microsoft's Windows group, acknowledged that a sophisticated group was actively exploiting the bug. The threat group identified is the same one involved in the hacking that resulted in data breaches from the DNC (Democratic National Committee) and from Clinton's campaign. Microsoft is preparing a fix for the bug; in the meantime, Myerson has asked customers to upgrade to Windows 10 to protect their devices from this advanced threat.
Myerson’s Statement
Myerson stated that Strontium, the name the company's Threat Intelligence team uses for the threat group, recently conducted a spear phishing campaign. Users running Microsoft Edge on Windows 10 Anniversary Update are protected against the known versions of the attack. Google's Threat Analysis Group first identified the threat. The attack used two zero-day bugs, one in Adobe Flash and one in the Windows kernel on down-level versions of Windows, to target specific users.
Protection Against Threat
Windows 10 users running Windows Defender Advanced Threat Protection (ATP) already have protection against this zero-day threat. According to Myerson, this is because the software can detect Strontium attacks through ATP's behavioral detection and because its threat intelligence is up to date.
What is Strontium?
Strontium is Microsoft's code name for the APT28 group, also known as Fancy Bear. The group was involved in breaching the DNC, the Clinton campaign and several other targets. The group, together with another group, has been linked to Russian intelligence.
However, it is not yet clear whether the zero-days that Google revealed were used in these breaches. The breaches were achieved through spear phishing attacks, including one that mimicked a Google security alert.
The Flaw
The zero-day is a flaw that Google identified in win32k.sys. The bug allows malicious code to escape the software sandbox and escalate privileges. Together with an Adobe Flash exploit, it was used in a spear phishing campaign by the unidentified group.
Ongoing Investigations
Myerson stated that Microsoft is coordinating with Adobe and Google to investigate the malicious campaign and to create security patches for down-level Windows versions. Several versions are being tested and will be released to the public by November 8, according to Myerson.