Microsoft blames Russia for ongoing hacks of 9-month-old Exchange bug

Advanced persistent threat group APT28 is behind ongoing campaigns to steal sensitive government and corporate information.
The threat group is reportedly abusing unpatched instances of a Microsoft Exchange flaw patched nine months ago, according to researchers.
Microsoft incident response researchers and Poland's Cyber Command have blamed APT28 for attacks on Exchange servers in the U.S., Europe and the Middle East that exploited a critical elevation of privileged vulnerability, tracked as CVE-2023-23397.
A patch for the vulnerability, which has a CVSS v3 score of 9.8, was released in March.
Researchers warned at the time that the flaw could pose a significant threat to organizations if it was not mitigated.
Exploitation of the vulnerability involves threat actors sending a specially crafted message to a target's Exchange account.
APT28 has been involved in espionage-focused activities since at least 2019 and has been linked to Russia by U.S. and UK intelligence agencies.
In a Dec. 4 update to a March advisory on CVE-2023-23397, Microsoft's incident response team said they had partnered with the Polish Cyber Command to mitigate techniques used by APT28 in the EoP attacks.
The updated post listed several other vulnerabilities APT28 had been found to be exploiting, including a patched WinRAR vulnerability, CVE-2023-38831.
Microsoft said the group had been leveraging CVE-2023-38831 since at least September to carry out spear-phishing attacks, mainly against Ukrainian government targets.
In a separate post, Polish Cyber Command said it had developed a set of tools that ran on the Exchange environment to identify and mitigate compromises by APT28 that were initiated either through exploitation of CVE-2023-23397 or through brute force attacks.
Microsoft said security teams should ensure Outlook was patched and kept up-to-date to mitigate the threat from APT28.


This Cyber News was published on packetstormsecurity.com. Publication date: Wed, 06 Dec 2023 15:28:05 +0000


Cyber News related to Microsoft blames Russia for ongoing hacks of 9-month-old Exchange bug

The ticking time bomb of Microsoft Exchange Server 2013 - This is, of course, a common issue since 2021 or so, due to Exchange Server security woes- however there has been an abnormally high increase in the past few months, making me think there was some kind of Exchange Server zero day perhaps. In my own ...
9 months ago Doublepulsar.com
NATO Draws a Cyber Red Line in Tensions With Russia - There has long been a military red line that NATO says Russia must not cross. Germany took a very strong diplomatic position, summoning Russia's representative, and then recalling its own Russian ambassador for talks. This is clearly a strong and ...
4 months ago Securityweek.com
NATO Draws a Cyber Red Line in Tensions With Russia - There has long been a military red line that NATO says Russia must not cross. Germany took a very strong diplomatic position, summoning Russia's representative, and then recalling its own Russian ambassador for talks. This is clearly a strong and ...
4 months ago Packetstormsecurity.com
Cyber Insights 2023: The Geopolitical Effect - The result is more than a dozen features on subjects ranging from AI, quantum encryption, and attack surface management to venture capital, regulations, and criminal gangs. The Russia/Ukraine war that started in early 2022 has been mirrored by a ...
1 year ago Securityweek.com
Microsoft Exchange Server Flaw Exploited as a Zero-Day Bug - Microsoft has identified one of the critical vulnerabilities in Exchange Server that the company disclosed in February's Patch Tuesday update as actually being a zero-day threat that attackers are already actively exploiting. CVE-2024-21410 is an ...
7 months ago Darkreading.com
Microsoft blames Russia for ongoing hacks of 9-month-old Exchange bug - Advanced persistent threat group APT28 is behind ongoing campaigns to steal sensitive government and corporate information. The threat group is reportedly abusing unpatched instances of a Microsoft Exchange flaw patched nine months ago, according to ...
10 months ago Packetstormsecurity.com
Microsoft Exchange 2019 has reached end of mainstream support - Microsoft announced the end of mainstream support for its Exchange Server 2019 on-premises mail server software on January 9, 2023. Starting today, the company says it will no longer accept requests for bug fixes and Design Change Requests, but it ...
8 months ago Bleepingcomputer.com
Microsoft Incident Response lessons on preventing cloud identity compromise - Microsoft Incident Response is often engaged in cases where organizations have lost control of their Microsoft Entra ID tenant, due to a combination of misconfiguration, administrative oversight, exclusions to security policies, or insufficient ...
10 months ago Microsoft.com
Customer compliance and security during the post-quantum cryptographic migration | AWS Security Blog - For example, using the s2n-tls client built with AWS-LC (which supports the quantum-resistant KEMs), you could try connecting to a Secrets Manager endpoint by using a post-quantum TLS policy (for example, PQ-TLS-1-2-2023-12-15) and observe the PQ ...
6 days ago Aws.amazon.com
Ukrainian military says it hacked Russia's federal tax agency - The Ukrainian government's military intelligence service says it hacked the Russian Federal Taxation Service, wiping the agency's database and backup copies. Following this operation, carried out by cyber units within Ukraine's Defense Intelligence, ...
9 months ago Bleepingcomputer.com
Over 20,000 vulnerable Microsoft Exchange servers exposed to attacks - Tens of thousands of Microsoft Exchange email servers in Europe, the U.S., and Asia exposed on the public internet are vulnerable to remote code execution flaws. The mail systems run a software version that is currently unsupported and no longer ...
10 months ago Bleepingcomputer.com
Fancy Bear hackers still exploiting Microsoft Exchange flaw - A Russian nation-state group continues to exploit a critical Microsoft vulnerability that was patched eight months ago to gain access to emails within victim organizations' Exchange servers. In March, Microsoft disclosed a zero-day elevation of ...
10 months ago Techtarget.com
Ukraine says it hacked Russian aviation agency, leaks data - Ukraine's intelligence service, operating under the Defense Ministry, claims they hacked Russia's Federal Air Transport Agency, 'Rosaviatsia,' to expose a purported collapse of Russia's aviation sector. Rosaviatsia is the agency responsible for ...
10 months ago Bleepingcomputer.com
Microsoft reveals how hackers breached its Exchange Online accounts - Microsoft confirmed that the Russian Foreign Intelligence Service hacking group, which hacked into its executives' email accounts in November 2023, also breached other organizations as part of this malicious campaign. On January 12, 2024, Microsoft ...
8 months ago Bleepingcomputer.com
23andMe Blames Users for Recent Data Breach as It's Hit With Dozens of Lawsuits - It's been nearly two years since Russia's invasion of Ukraine, and as the grim milestone looms and winter drags on, the two nations are locked in a grueling standoff. If you made some New Year's resolutions related to digital security, check out our ...
9 months ago Wired.com
Microsoft Exchange Servers Vulnerable to Cyberattacks - Microsoft Exchange Servers are becoming increasingly vulnerable to cyberattacks due to unpatched security vulnerabilities. Microsoft has recently released several critical patches for Exchange Servers, but it is still not enough to prevent possible ...
1 year ago Hackread.com
Microsoft extends Purview Audit log retention after July breach - Microsoft is extending Purview Audit log retention as promised after the Chinese Storm-0558 hacking group breached dozens of Exchange and Microsoft 365 corporate and government accounts in July. The list of affected organizations included government ...
10 months ago Bleepingcomputer.com
Thousands of Outdated Microsoft Exchange Servers are Susceptible to Cyber Attacks - A large number of Microsoft Exchange email servers in Europe, the United States, and Asia are currently vulnerable to remote code execution flaws due to their public internet exposure. These servers are running out-of-date software that is no longer ...
10 months ago Cysecurity.news
Russia Fines Google, Discord For 'Banned Content' | Silicon UK - Russia has issued a fine against Alphabet’s Google, as well the instant messaging platform Discord, over content the Putin regime deems illegal. Google was reportedly fined for not removing content Russia deems illegal, while Discord was ...
1 week ago Silicon.co.uk
Microsoft Urges Admins to Patch On-Premises Exchange Servers: Updated Security Advice - Microsoft recently released updated guidelines and security advice regarding on-premises Exchange server environments. The company reminded administrators that patching their Exchange servers is essential to prevent cyberattacks and ensure their ...
1 year ago Bleepingcomputer.com
Ukraine Claims it "Paralyzed" Russia's Tax System - Ukraine has claimed a major scalp in the ongoing cyber-war with Russia, saying it has effectively crippled the Kremlin's tax system. These extended across Russia and annexed territories in Ukraine including Crimea, it added. Both these servers and ...
9 months ago Infosecurity-magazine.com
Over 28,500 Exchange servers vulnerable to actively exploited bug - Up to 97,000 Microsoft Exchange servers may be vulnerable to a critical severity privilege escalation flaw tracked as CVE-2024-21410 that hackers are actively exploiting. Microsoft addressed the issue on Fenruary 13, when it had already been ...
7 months ago Bleepingcomputer.com
Monthly Overview of Global Threats Involving IronNet - At the beginning of each month, we will be releasing blogs that analyze the intersection of geopolitical activity and cyber operations. We will be focusing on the strategies and motivations of Russia, China, Iran, and North Korea that could be a ...
1 year ago Ironnet.com
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
10 months ago Esecurityplanet.com
New Microsoft Incident Response guides help security teams analyze suspicious activity - Today Microsoft Incident Response are proud to introduce two one-page guides to help security teams investigate suspicious activity in Microsoft 365 and Microsoft Entra. These guides contain the artifacts that Microsoft Incident Response hunts for ...
8 months ago Microsoft.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)