Russians Suspected of Using ‘Sandworm’ to Wriggle into NATO

Government (International) // Brussels, Belgium

A cyberspy group breached a North Atlantic Treaty Organization system and targeted, at a minimum, Ukrainian and Polish government agencies.

Technical details of the operation as well as the chosen victims point to Russian origins.

Some of the assaults used a previously unknown vulnerability, or zero-day, in Windows systems to infiltrate victims.

Dubbed "Sandworm" by iSIGHT Partners, the security consultancy that discovered the malicious activity, the assault can penetrate systems running up-to-date versions of Windows Vista, Windows 7, Windows 8, and Windows RT. Microsoft released a patch for the flaw on Oct. 14.

The hackers also targeted government agencies in Europe and academics in the United States, as well as a variety of sensitive European industries.

"We can confirm that NATO was hit; we know from several sources that multiple organizations in the Ukraine were targeted," said John Hultquist, iSIGHT senior manager of cyber-espionage threat intelligence. "We have seen them using Ukrainian infrastructure as part of their attacks."

Sandworm, named because of references to Frank Herbert's Dune series in its code, does not crash anything or reveal other signs of mischief to users.

“The Sandworm team targeted NATO as far back as December 2013, while attendees to a global security conference were targeted in May of 2014. In June, a Polish energy firm, a French telecommunications firm, and other critical industries were targeted,” according to Ars Technica.