Security experts have uncovered a dangerous campaign using a zero-day vulnerability in multiple versions of Windows and Windows Server to target Nato personnel.
Researchers at iSight Partners reported uncovering the campaign after mounting a joint investigation with Microsoft, warning that hackers in the 'Sandworm Team' have been targeting Nato since at least August.
"In late August, while tracking the Sandworm Team, iSight discovered a spear-phishing campaign targeting the Ukrainian government and at least one US organisation. Notably, these spear-phishing attacks coincided with the Nato summit on Ukraine held in Wales," read the threat report.
"On 3 September, our research and labs teams discovered that the spear-phishing attacks relied on the exploitation of a zero-day vulnerability impacting all supported versions of Microsoft Windows (XP is not impacted) and Windows Server 2008 and 2012. A weaponised PowerPoint document was observed in these attacks."
The flaw reportedly allows hackers to remotely execute code on infected machines and enact specific commands, such as to steal data. The researchers reported the bug as serious.
"[iSight] has not observed details on what data was exfiltrated in this campaign, [but] the use of this zero-day vulnerability virtually guarantees that all of those entities targeted fell victim to some degree," the firm said.
Microsoft is working on a fix, which is set to be released as a part of its monthly Patch Tuesday update later on 14 October.
The hackers are believed to be from Russia and are suspected of mounting similar cyber-espionage campaigns against the European Union and telecoms and energy sectors.
The campaign's discovery comes during a reported boom in cyber attack levels.
FireEye CEO David Dewalt said earlier in October that his company has detected an increase in phishing attacks targeting the source code of tech companies, including Microsoft, Apple, Oracle and Adobe, for use in future advanced, targeted attacks.
Interpol opened a Global Complex for Innovation information centre on 1 October in a bid to coordinate efforts combating the increased cyber threat.
RTX 280 Ti will come with 11GB of fast GDDR6 video RAM with a 352-bit memory bus offering 616Gbps
The scale of jobs lost to automation will be at least as large as those in the first three industrial revolutions
Latest Tesla news: Tesla stock price tanks amid reports of 'widening probe' by SEC and claims the base Model 3 loses money
SEC 'probe' takes its toll on Tesla as new research suggests that Tesla loses $6,000 on every $35,000 Model 3
10nm Cannon Lake Core i3-8121U CPUs make a rare outing with Intel's NUC mini PC