Microsoft Says Russian DNC Hackers Are Targeting Windows Users

microsoft hackers dnc fancy bear
A Microsoft logo is seen next to a cloud in Los Angeles, California, U.S. on June 14. Microsoft say hackers have exploited a zero-day vulnerability in its software. REUTERS/Lucy Nicholson

The same Russian-based hackers that are believed to have targeted the Democratic National Committee are now carrying out a campaign against Windows users, according to Microsoft.

The security flaw in the Windows operating system was first discovered by Google and reported to Microsoft on October 21. It is known as a zero-day vulnerability, as it was not known by the software vendor and hackers were able to exploit it before it could be fixed.

In an advisory published on Tuesday, November 1, a Microsoft executive said that a group called Strontium—also known as Fancy Bear—had taken part in several hacking attempts using the security flaw.

"This attack campaign, originally identified by Google's Threat Analysis Group, used two [vulnerabilities]... to target a specific set of customers," said Terry Myerson, Microsoft's executive vice president of Windows and Devices Group.

"We have coordinated with Google and Adobe to investigate this malicious campaign and to create a patch for down-level versions of Windows."

Security patches for the vulnerabilities are currently being tested ahead of a scheduled update for Tuesday, November 8—the same day as the U.S. presidential elections.

Myerson criticized Google for releasing information about the security flaw before they were able to release a patch, saying that it was "disappointing" and put consumers at increased risk. As the vulnerability was already being exploited by hackers, others defended the decision.

Myerson also urged users to ensure that their operating systems are upgraded to Windows 10 in order to protect themselves against such attacks.