Russian 'Fancy Bear' hackers accused of exploiting Windows flaw exposed by Google
Microsoft warns users to update ASAP
A hacking group linked to the Russian security services, dubbed 'Fancy Bear', has been accused by Microsoft of exploiting the Windows security flaw that Google publicised this week.
The company claimed in a security advisory that the hacking group, which has been linked by IT security companies to the Russian government and to US political hacks, has exploited a newly discovered Windows zero-day flaw that was outed by Google earlier this week.
Microsoft said that the hacking group 'Strontium', more commonly known as 'Fancy Bear', had carried out a small number of attacks using spear phishing techniques.
The hackers first compromised Adobe Flash, according to Microsoft, before using a second exploit to target a Windows kernel vulnerability affecting versions from Vista through to Windows 10. From there, the so-called Fancy Bear hackers were able to install a backdoor on a victim's PC.
Terry Myerson, executive vice president of Microsoft's Windows and Devices division, said: "Recently, the activity group that Microsoft Threat Intelligence calls Strontium conducted a low-volume spear phishing campaign.
"This attack campaign, originally identified by Google's Threat Analysis Group, used two zero-day vulnerabilities in Adobe Flash and the down-level Windows kernel to target a specific set of customers."
Myerson added that Microsoft "has attributed more zero-day exploits to Strontium than any other tracked group in 2016".
Microsoft said that a patch to protect users against this latest threat will be released on 8 November, but Myerson has advised customers to upgrade to the latest version of Windows 10 to be protected immediately.
"Customers using Microsoft Edge on Windows 10 Anniversary Update are known to be protected from versions of this attack observed in the wild," he said.
Microsoft thanked Google for bringing the vulnerability to its attention, although it was not too pleased that the firm made it public.
"We believe responsible technology industry participation puts the customer first, and requires coordinated vulnerability disclosure," the firm said.
"Google's decision to disclose these vulnerabilities before patches are broadly available and tested is disappointing, and puts customers at increased risk."
Google, on the other hand, maintained that disclosing known and "actively exploited" vulnerabilities is in the interest of people seeking to secure their systems.