More evidence of Russian intelligence exploiting old Outlook flaw

Siva Ramakrishnan
Cybersecurity researchers have discovered another campaign in which hackers associated with Russia’s military intelligence are exploiting a vulnerability in Microsoft software to target critical entities, including those in NATO member countries.

According to a report by Palo Alto Networks’ Unit 42, the Russian threat actor known as Fancy Bear or APT28 has exploited a Microsoft Outlook vulnerability over the past two years to spy on at least 30 organizations within 14 nations “that are likely of strategic intelligence value to the Russian government and its military.”

Tracked as CVE-2023-23397, the flaw in Outlook allows hackers to gain unauthorized access to email accounts within Microsoft Exchange servers. Microsoft patched the flaw in the spring.

In the most recent campaign, analyzed by Unit 42 in September and October of this year, the group targeted organizations within NATO member countries as well as entities in Ukraine, Jordan, and the United Arab Emirates.

The targets include ministries, defense and energy facilities, and transportation and telecommunication companies, researchers said. Attackers also aimed for at least one NATO Rapid Deployable Corps, one of the alliance’s high-readiness commands.

This is the third report this week about Russian hackers exploiting the Microsoft Outlook flaw. The others:

Microsoft and the Polish cybersecurity agency published joint research claiming that Fancy Bear exploited the Outlook vulnerability to gain access to unspecified mailboxes containing “high-value information.”
Proofpoint published a separate report, stating that it observed phishing activity in which APT28 used the Outlook bug in high-volume campaigns to target entities in Europe and North America.

Researchers are urging high-risk organizations to be vigilant about patching Outlook, especially because the Russian hackers continue to exploit CVE-2023-23397 despite the publicity it has received.


Daryna Antoniuk is a freelance reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.
