CyberSecurityBoard
Sponsor Register Login

Russia-linked APT28 uses NotDoor backdoor to target Outlook users

Russian state-sponsored threat group APT28 has been observed deploying a new backdoor malware named NotDoor, specifically targeting Microsoft Outlook users. This sophisticated cyber espionage campaign aims to infiltrate high-profile organizations by exploiting vulnerabilities in email clients. NotDoor operates stealthily, allowing attackers to maintain persistent access and exfiltrate sensitive data without detection. The malware's design indicates a focus on espionage rather than financial gain, aligning with APT28's known objectives. Security experts emphasize the importance of patching Outlook vulnerabilities and implementing robust email security protocols to mitigate such threats. Organizations are urged to monitor network traffic for unusual patterns and employ advanced threat detection systems to identify and respond to NotDoor activities promptly. This incident highlights the evolving tactics of state-sponsored actors in leveraging trusted communication platforms for cyberattacks, underscoring the need for continuous vigilance and cybersecurity investment.

This Cyber News was published on www.infosecurity-magazine.com. Publication date: Wed, 03 Sep 2025 12:50:05 +0000


Cyber News related to Russia-linked APT28 uses NotDoor backdoor to target Outlook users

Russia-linked APT28 uses NotDoor backdoor to target Outlook users - Russian state-sponsored threat group APT28 has been observed deploying a new backdoor malware named NotDoor, specifically targeting Microsoft Outlook users. This sophisticated cyber espionage campaign aims to infiltrate high-profile organizations by ...
2 hours ago Infosecurity-magazine.com APT28
NATO Draws a Cyber Red Line in Tensions With Russia - There has long been a military red line that NATO says Russia must not cross. Germany took a very strong diplomatic position, summoning Russia's representative, and then recalling its own Russian ambassador for talks. This is clearly a strong and ...
1 year ago Securityweek.com APT28 APT29
NATO Draws a Cyber Red Line in Tensions With Russia - There has long been a military red line that NATO says Russia must not cross. Germany took a very strong diplomatic position, summoning Russia's representative, and then recalling its own Russian ambassador for talks. This is clearly a strong and ...
1 year ago Packetstormsecurity.com APT28 APT29
France blames Russian military intelligence for years of cyberattacks on local entities | The Record from Recorded Future News - According to French officials, APT28 — also known as Fancy Bear or BlueDelta, and long believed to be an arm of the GRU’s Unit 26165 —has been behind cyber operations affecting around ten French entities since 2021. France has accused a hacker ...
4 months ago Therecord.media Fancy Bear APT28
France ties Russian APT28 hackers to 12 cyberattacks on French orgs - In a separate report published today, the French National Agency for the Security of Information Systems (ANSSI) says the list of French organizations attacked by APT28 military hackers includes ministerial entities, local governments, and ...
4 months ago Bleepingcomputer.com Fancy Bear APT28
Poland says Russian military hackers target its govt networks - Poland says a state-backed threat group linked to Russia's military intelligence service has been targeting Polish government institutions throughout the week. According to evidence found by CSIRT MON, the country's Computer Security Incident ...
1 year ago Bleepingcomputer.com CVE-2023-23397 APT28
Russian hackers exploiting Outlook bug to hijack Exchange accounts - Microsoft's Threat Intelligence team issued a warning earlier today about the Russian state-sponsored actor APT28 actively exploiting the CVE-2023-23397 Outlook flaw to hijack Microsoft Exchange accounts and steal sensitive information. The targeted ...
1 year ago Bleepingcomputer.com CVE-2023-23397 CVE-2023-38831 CVE-2021-40444 APT28
Russian military hackers target NATO fast reaction corps - Russian APT28 military hackers used Microsoft Outlook zero-day exploits to target multiple European NATO member countries, including a NATO Rapid Deployable Corps. Researchers from Palo Alto Networks' Unit 42 have observed them exploiting the ...
1 year ago Bleepingcomputer.com CVE-2023-23397 Fancy Bear APT28
Microsoft says button to restore classic Outlook is broken - Since the beginning of the year, it has addressed other Outlook issues, including one that causes classic Outlook to crash when writing, replying to, or forwarding an email, and another one that led to Classic Outlook and Microsoft 365 applications ...
5 months ago Bleepingcomputer.com
Feds Disrupt Botnet Used by Russian APT28 Hackers - Federal law enforcement kicked Russian state hackers off a botnet comprising at least hundreds of home office and small office routers that had been pulled together by a cybercriminal group and co-opted by the state-sponsored spies. APT28, an ...
1 year ago Securityboulevard.com Fancy Bear APT28 Volt Typhoon
Microsoft blames Russia for ongoing hacks of 9-month-old Exchange bug - Advanced persistent threat group APT28 is behind ongoing campaigns to steal sensitive government and corporate information. The threat group is reportedly abusing unpatched instances of a Microsoft Exchange flaw patched nine months ago, according to ...
1 year ago Packetstormsecurity.com CVE-2023-23397 CVE-2023-38831 APT28
Cyber Insights 2023: The Geopolitical Effect - The result is more than a dozen features on subjects ranging from AI, quantum encryption, and attack surface management to venture capital, regulations, and criminal gangs. The Russia/Ukraine war that started in early 2022 has been mirrored by a ...
2 years ago Securityweek.com
France says Russian state hackers breached numerous critical networks - The Russian APT28 hacking group has been targeting government entities, businesses, universities, research institutes, and think tanks in France since the second half of 2021. The threat group, which is considered part of Russia's military ...
1 year ago Bleepingcomputer.com CVE-2023-38831 CVE-2023-23397 APT28 Cactus
BianLian GOs for PowerShell After TeamCity Exploitation - In conjunction with GuidePoint's DFIR team, we responded to an incident that began with the exploitation of a TeamCity server which resulted in the deployment of a PowerShell implementation of BianLian's GO backdoor. The threat actor identified a ...
1 year ago Securityboulevard.com CVE-2024-27198 CVE-2023-42793 BianLian
Microsoft: Outlook clients not syncing over Exchange ActiveSync - Microsoft warned Outlook for Microsoft 365 users that clients might have issues connecting to email servers via Exchange ActiveSync after a January update. Exchange ActiveSync is an Exchange synchronization protocol using HTTP and XML to let users ...
1 year ago Bleepingcomputer.com
Microsoft fixes Outlook Desktop crashes when sending emails - Microsoft has fixed a known issue causing Outlook Desktop clients to crash when sending emails from Outlook.com accounts. These problems were first reported on Microsoft's community website and other social networks by customers saying they were ...
1 year ago Bleepingcomputer.com
Microsoft fixes button that restores classic Outlook client - Since the start of the year, it has fixed other Outlook issues, including one that led to Classic Outlook and Microsoft 365 applications crashing on Windows Server 2016 or Windows Server 2019 systems and another one that triggers classic Outlook ...
5 months ago Bleepingcomputer.com
Microsoft Outlook December updates trigger ICS security alerts - Microsoft is investigating an issue that triggers Outlook security alerts when trying to open. ICS calendar files after installing December 2023 Patch Tuesday Office security updates. The company also revealed that the security warning will be ...
1 year ago Bleepingcomputer.com CVE-2023-35636
Microsoft fixes connection issue affecting Outlook email apps - Microsoft has fixed a known issue causing desktop and mobile email clients to fail to connect when using Outlook.com accounts. More details on how to use app passwords with apps without two-step verification support can be found in this support ...
1 year ago Bleepingcomputer.com
Russian military hackers target Ukraine with new MASEPIE malware - Ukraine's Computer Emergency Response Team is warning of a new phishing campaign that allowed Russia-linked hackers to deploy previously unseen malware on a network in under one hour. APT28, aka Fancy Bear or Strontium, is a Russian state-sponsored ...
1 year ago Bleepingcomputer.com Fancy Bear APT28
Russian Espionage Group Hammers Zero-Click Microsoft Outlook Bug - An espionage group linked to the Russian military continues to use a zero-click vulnerability in Microsoft Outlook in attempts to compromise systems and gather intelligence from government agencies in NATO countries, as well as the United Arab ...
1 year ago Darkreading.com CVE-2023-23397 Fancy Bear APT28
Microsoft fixes Outlook drag-and-drop broken by Windows updates - "After installing the January 2025 Windows non-security preview update and subsequent updates on devices running Windows 11, version 24H2, you may find that you are not able to drag and drop emails or calendar items to folders in classic Outlook," ...
6 months ago Bleepingcomputer.com
Akamai discloses zero-click exploit for Microsoft Outlook - While examining a previous bypass mitigation, Akamai Technologies discovered two new Windows vulnerabilities that could allow an attacker to create a zero-click exploit against Microsoft Outlook clients. In a two-part report published Monday, Akamai ...
1 year ago Techtarget.com CVE-2023-35384 CVE-2023-36710 CVE-2023-23397 CVE-2023-29324
Russian Sandworm Group Using Novel Backdoor to Target Ukraine - Russian nation-state group Sandworm is believed to be utilizing a novel backdoor to target organizations in Ukraine and other Eastern and Central European countries, according to WithSecure researchers. The previously unreported backdoor, dubbed ...
1 year ago Infosecurity-magazine.com
Microsoft Might Be Sharing Your Outlook Emails Without Your Knowledge - Microsoft's data collection practices are under scrutiny, as a recent report suggests the Outlook for Windows app might be sharing more user information than expected. With this app now default on Windows 11, the impact could be widespread. ...
1 year ago Cysecurity.news

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)