Microsoft Blames Russia For Exploiting Google-Exposed Windows Flaw

Microsoft has warned that Russian-linked hackers are responsible for cyber attacks that exploit an unpatched Windows vulnerability disclosed earlier this week by Google, much to Microsoft’s anger.

Redmond took the opportunity to have another go at Google’s controversial security programme, criticising it for a lack of “responsible technology industry participation”.

‘Responsible Participation’

“Windows is the only platform with a customer commitment to investigate reported security issues and proactively update impacted devices as soon as possible,” said Terry Myerson, head of Microsoft’s Windows and Devices Group. “And we take this responsibility very seriously.”

“Recently, the activity group that Microsoft Threat Intelligence calls Strontium conducted a low-volume spear-phishing campaign. This attack campaign, originally identified by Google’s Threat Analysis Group, used two zero-day vulnerabilities in Adobe Flash and the down-level Windows kernel to target a specific set of customers.”

Myerson stated that Microsoft has worked with Google and Adobe to create a patch.

Adobe already patched its Flash Player last week in an emergency update, but Microsoft will patch Windows on 8 November, as part of its regular Patch Tuesday security update.

Microsoft has made no secret of its displeasure with Google, which has a policy to disclose flaws on a set schedule whether the flaws have been fixed or not.

In most cases Google waits 60 days before disclosure, but when a bug is known to be actively exploited to attack systems – as in this instance – the period drops to a much more aggressive seven days.

“We believe responsible technology industry participation puts the customer first, and requires coordinated vulnerability disclosure,” stated Myerson. “Google’s decision to disclose these vulnerabilities before patches are broadly available and tested is disappointing, and puts customers at increased risk.”

Microsoft recommended users upgrade to Windows 10, and said that users who have enabled Windows Defender Advanced Threat Protection (ATP) will detect the attacks thanks to its generic behaviour detection analytics and up-to-date threat intelligence.

Russian Hackers

Microsoft said in a blog post that it has identified the group behind the attack, which it said was a Russian state-backed hacking group called Strontium (otherwise known as ‘Fancy Bear’ or ‘APT 28’).

It comes after US intelligence officials last month officially blamed this group, which they said was linked to “senior” Russian government figures. These hackers, according to the US, are responsible for recent politically motivated hacking incidents, including the release of emails stolen from the Democratic National Committee (DNC).

“Strontium is an activity group that usually targets government agencies, diplomatic institutions, and military organisations, as well as affiliated private sector organisations such as defence contractors and public policy research institutes,” added Myerson.

“Microsoft has attributed more 0-day exploits to Strontium than any other tracked group in 2016. Strontium frequently uses compromised email accounts from one victim to send malicious emails to a second victim and will persistently pursue specific targets for months until they are successful in compromising the victims’ computer.

“Once inside, Strontium moves laterally throughout the victim network, entrenches itself as deeply as possible to guarantee persistent access, and steals sensitive information.”

It is reported that Strontium works for Russia’s military intelligence agency, the GRU.


Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...
