On October 14, 2014, according to Reuters, “Russian hackers exploited a bug in Microsoft Windows and other software to spy on computers used by NATO, the European Union, Ukraine and companies in the energy and telecommunications sectors, according to cyber intelligence firm iSight Partners.”
Research conducted by iSight Partners revealed that the group has been active since at least 2009 and that its targets in the recent campaign also included a Polish energy firm, a Western European government agency and a French telecommunications firm. There is no indication, however, that the group was behind a recent spate of intrusions into U.S. banks, including JPMorgan Chase. In August, iSight Partners discovered the “zero-day” vulnerability, present in every Windows operating system from Vista to 8.1, except Windows XP.
According to The Washington Post, “the Ukrainian government was targeted in late August, in the lead-up to the NATO summit in Wales, where member states discussed Russia’s actions in Ukraine. Using a technique called spear-phishing, SandWorm Team sent e-mails to targets that appeared to come from legitimate sources but included attachments that, when opened, enabled the hackers to gain access to their computers,” said iSight Senior Director Stephen Ward. He drew the conclusion that the actions were consistent with espionage activity and “all indicators from a targeting and lures perspective would indicate espionage with Russian national interests.”
John Hultquist, iSight’s Senior Manager for Cyber-Espionage Threat Intelligence, said that “it’s just the nature of the game. There are only a few people in the world who would be really interested in this stuff and would have the tools to get it.” The type of information stolen, the use of a rare zero-day vulnerability and the targeting method lead to the conclusion that the hackers were state-sponsored, either employed by Russia or hired as contractors, according to Hultquist.
Considered among the best in the world, Russia’s cyberspies developed intelligence programs that are among the few true rivals of the U.S. National Security Agency, according to a former U.S. official who asked not to be identified discussing intelligence assessments.
The attack brings to the forefront a situation that needs to be addressed urgently: cyberattacks and information security. At the most recent NATO Summit, “Sorin Ducaru, NATO’s Assistant Secretary General for Emerging Security Challenges, declared on September 5 that Article V of the Treaty is extended for disinformation, subversion and cyber attacks.” Unfortunately, there was no clear specification regarding what is considered a cyberattack and when it will trigger a response. Also, as we mentioned before, even if we can speculate who is behind a cyberattack, it’s very hard to obtain clear evidence of all the factors involved in the situation.
Jim FINKLE, “Russian hackers target NATO, Ukraine and others: iSight”, Reuters, October 14, 2014, at the Internet address http://www.reuters.com/article/2014/10/14/us-russia-hackers-idUSKCN0I308F20141014
 A zero day vulnerability refers to a hole in software that is unknown to the vendor. This security hole is then exploited by hackers before the vendor becomes aware and hurries to fix it - this exploit is called a zero day attack. More details at the Internet address http://www.pctools.com/security-news/zero-day-vulnerability/
 According to Dictionary.com, spearphishing is the practice of sending fraudulent e-mails to extract financial data from computer users for purposes of identity theft, by mimicking a sender that the recipient knows. More details at the Internet address http://dictionary.reference.com/browse/spear-phishing
 “Russian hackers use ‘zero-day’ to hack NATO, Ukraine in cyber-spy campaign”, The Washington Post, October 14, 2014, at the Internet address http://www.washingtonpost.com/world/national-security/russian-hackers-use-zero-day-to-hack-nato-ukraine-in-cyber-spy-campaign/2014/10/13/f2452976-52f9-11e4-892e-602188e70e9c_story.html
 “Russian Hackers Tracking Ukraine Crisis Stole NATO Data”, Business Week, October 14, 2014, at the Internet address http://www.businessweek.com/news/2014-10-14/russian-hackers-tracking-ukraine-crisis-stole-nato-data
 “Russian Hackers Tracking Ukraine Crisis Stole NATO Data”, Bloomberg, October 14, 2014, at the Internet address http://www.bloomberg.com/news/2014-10-14/russian-hackers-tracking-ukraine-crisis-stole-nato-data.html
 Ioana Corina JULAN, “News Alert No.15: NATO Summit in Wales: CyberAttacks, integrated in Article V”, Morgenthau Center, September 5, 2014, at the Internet address http://morgenthaucenter.org/news-alert-no-15-nato-summit-in-wales-cyberattacks-integrated-in-article-v/