
Microsoft confirms hacker group Strontium is behind latest zero-day attacks

Microsoft has discovered that a hacker group with ties to Russia is responsible for a number of zero-day attacks that targeted Windows users.

The hacker group, which goes by the name Strontium and has also operated under the names APT28 and Fancy Bear, is also believed to be behind the controversial hack that leaked numerous emails and memos from the Democratic National Committee (DNC). Microsoft has noted that Strontium utilised “low-volume” spear phishing campaigns to target users by exploiting two zero-day vulnerabilities.

The zero-day vulnerabilities, which affected Adobe's Flash software and Microsoft's Windows operating system, were made public by Google, much to the dismay of Microsoft, as the disclosure gave cyber attackers a new way to target its users.

The company has since released an advisory regarding how Strontium operates and chooses its targets. Microsoft noted that the group has taken advantage of more zero-day exploits than any other tracked group, saying: "STRONTIUM is an activity group that usually targets government agencies, diplomatic institutions, and military organisations, as well as affiliated private sector organisations such as defense contractors and public policy research institutes. Microsoft has attributed more 0-day exploits to STRONTIUM than any other tracked group in 2016. STRONTIUM frequently uses compromised e-mail accounts from one victim to send malicious e-mails to a second victim and will persistently pursue specific targets for months until they are successful in compromising the victims' computer. Once inside, STRONTIUM moves laterally throughout the victim network, entrenches itself as deeply as possible to guarantee persistent access, and steals sensitive information."

The executive vice president of Microsoft's Windows and Devices, Terry Myerson, has strongly urged all users to upgrade to Windows 10 to better protect themselves from advanced threats online.

He also pointed out that anyone running a copy of Windows 10 with Windows Defender Advanced Threat Protection (ATP) is already protected against the tactics used by Strontium to carry out its attacks.


Anthony Spadafora
After living and working in South Korea for seven years, Anthony now resides in Houston, Texas where he writes about a variety of technology topics for ITProPortal.