Russian APT28 Targets European NATO Nations Using Microsoft Outlook Vulnerability

Dec 8, 2023 | News


A recent report from Palo Alto Networks’ Unit 42 reveals that the Russia-linked APT28 group, also tracked as “Forest Blizzard,” “Fancy Bear,” and “Strontium,” exploited a Microsoft Outlook vulnerability (CVE-2023-23397), for much of the period as a zero-day, in targeted attacks against European NATO members. Over the past 20 months, APT28 has focused on at least 30 organizations across 14 nations that are of strategic significance to the Russian government and its military.

Operating since 2007, APT28 has a history of targeting governments, militaries, and security organizations worldwide, including involvement in the cyber attacks surrounding the 2016 US presidential election. The group operates from military unit 26165 of the Russian General Staff Main Intelligence Directorate (GRU).

Most of APT28’s campaigns rely on spear-phishing and malware. Microsoft patched CVE-2023-23397 in March 2023 and published guidance at the same time. The flaw is an elevation-of-privilege vulnerability rather than a classic phishing lure: a specially crafted message carries a reminder-sound path pointing to an attacker-controlled server, and when the reminder fires, Outlook follows the UNC path and authenticates to that server over SMB with NTLM, with no user interaction required. The captured Net-NTLMv2 response can then be relayed or cracked to access the victim’s Exchange account.
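As an added illustration of the trigger just described (this is example code, not code from the original article, Unit 42, or Microsoft), the following Python hunts a set of mailbox records for messages whose PidLidReminderFileParameter names a remote host. The record layout, the sample items, and the trusted-host list are constructed assumptions for the example; a real hunt would read the property from Exchange mailboxes (Microsoft’s March 2023 guidance shipped a script for that) and feed the results into this kind of check.

```python
"""
Hunt for the CVE-2023-23397 trigger: a message whose reminder-sound path
(PidLidReminderFileParameter) points at a remote host. When the reminder
fires, Outlook resolves that path and, for a UNC path, authenticates to the
host over SMB with NTLM, leaking the user's Net-NTLMv2 response.

All mailbox items below are constructed sample data, not real exports.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# PidLidReminderFileParameter is a named property in PSETID_Common with
# long ID 0x851F (MS-OXPROPS). The "guid/id" key form is an assumption of
# this example, not a wire format.
PSETID_COMMON = "00062008-0000-0000-C000-000000000046"
REMINDER_FILE_PARAMETER = f"{PSETID_COMMON}/0x851F"

# Constructed sample mailbox items (a dict of properties per message).
SAMPLE_ITEMS = [
    {"subject": "Team sync", "sender": "alice@example.org",
     REMINDER_FILE_PARAMETER: r"C:\Windows\Media\Alarm01.wav"},      # local: benign
    {"subject": "Invoice reminder", "sender": "billing@example.org",
     REMINDER_FILE_PARAMETER: r"\\203.0.113.7\share\reminder.wav"},  # UNC to an external IP
    {"subject": "Weekly status", "sender": "bob@example.org"},       # no custom sound at all
    {"subject": "Holiday schedule", "sender": "hr@example.org",
     REMINDER_FILE_PARAMETER: r"\\?\UNC\files.example.net\public\ding.wav"},  # long-path UNC form
]


@dataclass
class Finding:
    subject: str
    sender: str
    path: str
    host: str  # the host Outlook would authenticate to


def remote_target(path: str) -> Optional[str]:
    """Return the host a reminder path would make Outlook contact, or None
    if the path is local (drive letter or relative path)."""
    # Long-path form: \\?\UNC\host\share\...  (must be checked before the
    # classic form, which would otherwise report "?" as the host)
    m = re.match(r"^\\\\\?\\UNC\\([^\\]+)\\", path, re.IGNORECASE)
    if m:
        return m.group(1)
    # Classic UNC form: \\host\share\...  (forward slashes accepted too)
    m = re.match(r"^[\\/]{2}([^\\/]+)[\\/]", path)
    if m:
        return m.group(1)
    return None


def scan_items(items: Iterable[dict], trusted_hosts: Iterable[str] = ()) -> List[Finding]:
    """Flag every message whose reminder sound lives on a host that is not an
    explicitly trusted internal file server. Loopback names such as
    'localhost' are deliberately NOT exempted: a UNC path can embed a second
    hop, so any remote-style path deserves a look."""
    trusted = {h.lower() for h in trusted_hosts}
    findings: List[Finding] = []
    for item in items:
        path = item.get(REMINDER_FILE_PARAMETER)
        if not path:
            continue  # default reminder sound, nothing to resolve
        host = remote_target(path)
        if host is None or host.lower() in trusted:
            continue
        findings.append(Finding(item.get("subject", ""), item.get("sender", ""), path, host))
    return findings


if __name__ == "__main__":
    for f in scan_items(SAMPLE_ITEMS):
        print(f"[!] {f.sender!r} -> {f.subject!r}: reminder sound on host {f.host} ({f.path})")
```

Run as-is it reports the two UNC-backed messages; passing `trusted_hosts={"files.example.net"}` suppresses the internal one and leaves only the external IP, which is the shape of a real hunt: known file servers are allowlisted, everything else is triaged. Microsoft’s guidance for this CVE paired such a mailbox audit with blocking outbound TCP 445 at the perimeter and adding high-value accounts to the Protected Users group so that NTLM cannot be used for them at all.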


The attacks, identified by Microsoft Threat Intelligence, primarily targeted government, energy, transportation, and non-governmental organizations in the US, Europe, and the Middle East. According to Unit 42, APT28 began exploiting the vulnerability in March 2022, with the most recent campaign observed between September and October 2023.


The list of targets is extensive, including European NATO members, a NATO Rapid Deployable Corps, and critical infrastructure organizations in energy, transportation, telecommunications, information technology, and the military industrial base. The group kept using a publicly known exploit for the Outlook flaw in its second and third campaigns, even though the technique was by then documented and detectable, indicating that it judged the access gained worth the risk of discovery.

Microsoft’s Threat Intelligence warns that APT28 is actively exploiting the CVE-2023-23397 Outlook flaw to hijack Microsoft Exchange accounts and steal sensitive information.

This aligns with previous warnings from the French National Agency for the Security of Information Systems (ANSSI) about APT28 targeting French organizations, including government entities, businesses, universities, and research institutes, using various techniques to avoid detection.

ANSSI confirmed APT28’s exploitation of the Outlook zero-day vulnerability (CVE-2023-23397) in its investigations.


Source: securityaffairs.com