Microsoft has singled out Sofacy, an APT group long thought to have ties to Russia’s military intelligence arm GRU, as the entity behind targeted attacks leveraging Windows kernel and Adobe Flash zero days in targeted attacks.
The group, which Microsoft calls Strontium, is also known as APT28, Tsar Team and Sednit among other identifiers.
Microsoft said the zero day vulnerability, the existence of which along with limited details were disclosed on Monday by Google, will be patched Nov. 8. Google said yesterday it privately disclosed both zero days, which were used in tandem in these targeted attacks against unknown victims, to Microsoft and Adobe on Oct. 21. Adobe rushed an emergency patch for Flash Player on Oct. 26, while Microsoft had yet to acknowledge the vulnerability until Google’s disclosure. Microsoft was critical of Google’s action yesterday and reiterated its stance today in a post, providing some details on the vulnerability and attacks.