Microsoft has blamed a Russian hacking group for breaching a newly discovered Windows security flaw.
In an advisory on its website, the software giant named a group called Strontium which is more widely known as “Fancy Bear,” or APT 28; responsible for the small number of attacks using “spear phishing” emails.
Microsoft Windows Chief Terry Myerson said Strontium was exploiting the bug to infect PCs to get access to potentially sensitive data.
A U.S. intelligence expert on Russian cyber activity said that Fancy Bear primarily works for or on behalf of the GRU, Russia’s military intelligence agency, which U.S. intelligence officials have concluded were responsible for hacks of Democratic Party databases and emails.
In spear phishing, an attacker sends targeted messages, typically via email, that exploit known information to trick victims into clicking on malicious links or open tainted attachments.
Microsoft said the attacks exploited a vulnerability in Adobe Systems Inc’s Flash software and one in the Windows operating system.
Microsoft’s disclosure of the new attacks and the link to Russia came after Washington accused Moscow of launching an unprecedented hacking campaign aimed at disrupting and discrediting the upcoming U.S. election.