More evidence of Russian intelligence exploiting old Outlook flaw

Siva Ramakrishnan
Cybersecurity researchers have discovered another campaign in which hackers associated with Russia’s military intelligence are exploiting a vulnerability in Microsoft software to target critical entities, including those in NATO member countries.

According to a report by Palo Alto Networks’ Unit 42, the Russian threat actor known as Fancy Bear or APT28 breached Microsoft Outlook over the past two years to spy on at least 30 organizations within 14 nations “that are likely of strategic intelligence value to the Russian government and its military.”

Tracked as CVE-2023-23397, the flaw in Outlook allows hackers to gain unauthorized access to email accounts within Microsoft Exchange servers. Microsoft patched the flaw in the spring.

In the most recent campaign, analyzed by Unit 42 in September and October of this year, the group targeted organizations within NATO member countries as well as entities in Ukraine, Jordan, and the United Arab Emirates.

The targets include ministries, defense and energy facilities, and transportation and telecommunication companies, researchers said. Attackers also aimed for at least one NATO Rapid Deployable Corps, the alliance’s high-readiness commands.

This is the third report this week about Russian hackers exploiting the Microsoft Outlook flaw. The others:

Microsoft and the Polish cybersecurity agency published joint research claiming that Fancy Bear exploited the Outlook vulnerability to gain access to unspecified mailboxes containing “high-value information.”
Proofpoint published a separate report, stating that it observed phishing activity in which APT28 used the Outlook bug in high-volume campaigns to target entities in Europe and North America.

Researchers are urging high-risk organizations to be vigilant about patching Outlook, especially because the Russian hackers continue to exploit CVE-2023-23397 despite the publicity it has received.


Daryna Antoniuk is a freelance reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.

 
