Da tovarishch! I am looking through your Windows, get it?
Russian hackers have been using a zero-day exploit in Windows to spy on numerous high-ranking agencies across the EU and the world. Among those affected we have NATO, several Western governments, EU energy and telecommunications companies and even an undisclosed US academic organizations.
This report, cited by the New York Times, comes from a cybersecurity company named iSight. As such all caveats, pinches of salt and regular skepticism in the face of dire warnings should apply.
iSight reports that a number of hackers have found and started exploiting a zero day vulnerability found in Windows. According to them, while the hacking group with probable ties to the Russian government has been active for years, this specific vulnerability in Microsoft’s OS has only been exploited in the last couple of months.
Apparently the exploit is present in all supported versions of Windows starting with Vista and ending with Windows 8.1. It’s probably in Windows 10 Technical Preview as well but that version isn’t officially supported just yet.
The good news is that Microsoft is aware of the issues and releasing a patch to fix the vulnerability later on today with Patch Tuesday. As for the affected systems there isn’t huge cause for concern for regular users here as the hackers were only spying on institutions and companies, not stealing credit card info.