Russian hackers use old Outlook vulnerability to target Polish orgs

Russian state-backed hacking group Forest Blizzard has been using a known Microsoft Outlook vulnerability to target public and private entities in Poland, Polish Cyber Command has warned.
Compromising email accounts and maintaining access to them.
APT28 is known for targeting government, non-governmental, energy and transportation organizations in the US, Europe, and the Middle East.
The most recent attacks were detected and reported by the computer security incident response team of the Polish National Research institute.
The attacks were further analyzed by Polish Cyber Command, who confirmed that the threat actors have been gaining access to email accounts within Microsoft Exchange servers and modifying folder permissions within the victim's mailbox.
APT28 leverages CVE-2023-23397 to spy on organizations in Poland.
CVE-2023-23397 is a critical elevation of privilege vulnerability that affects Microsoft Outlook for Windows.
CVE-2023-23397 can be exploited by sending to the target a specially crafted email message that triggers a reminder.
Even though Microsoft urged users to patch the vulnerability in March, it's obvious that there are systems out there that are still unpatched and vulnerable.
In late March, Microsoft published detailed mitigations, indicators of compromise and methods for determining whether a company has been compromised by attackers exploiting CVE-2023-23397, and that advice still holds.
Polish Cyber Command has provided a toolkit that organizations can use to detect potentially suspicious mailbox folder sharing within Microsoft Exchange servers, and a list of recommendations and guidelines on what to do if compromise is suspected.
They assess that the adversary is sophisticated and has a thorough knowledge of the architecture and mechanisms of the Microsoft Exchange mail system.
The attackers also used commercial VPN services to blend their attack traffic and changed IP addresses when hitting different targets.


This Cyber News was published on www.helpnetsecurity.com. Publication date: Tue, 05 Dec 2023 15:13:05 +0000


Cyber News related to Russian hackers use old Outlook vulnerability to target Polish orgs

Russian military hackers target NATO fast reaction corps - Russian APT28 military hackers used Microsoft Outlook zero-day exploits to target multiple European NATO member countries, including a NATO Rapid Deployable Corps. Researchers from Palo Alto Networks' Unit 42 have observed them exploiting the ...
10 months ago Bleepingcomputer.com
Russian hackers use old Outlook vulnerability to target Polish orgs - Russian state-backed hacking group Forest Blizzard has been using a known Microsoft Outlook vulnerability to target public and private entities in Poland, Polish Cyber Command has warned. Compromising email accounts and maintaining access to them. ...
10 months ago Helpnetsecurity.com
Russian hackers exploiting Outlook bug to hijack Exchange accounts - Microsoft's Threat Intelligence team issued a warning earlier today about the Russian state-sponsored actor APT28 actively exploiting the CVE-2023-23397 Outlook flaw to hijack Microsoft Exchange accounts and steal sensitive information. The targeted ...
10 months ago Bleepingcomputer.com
Microsoft fixes connection issue affecting Outlook email apps - Microsoft has fixed a known issue causing desktop and mobile email clients to fail to connect when using Outlook.com accounts. More details on how to use app passwords with apps without two-step verification support can be found in this support ...
8 months ago Bleepingcomputer.com
FSB arrests Russian hackers working for Ukrainian cyber forces - The Russian Federal Security Service arrested two individuals believed to have helped Ukrainian forces carry out cyberattacks to disrupt Russian critical infrastructure targets. Both suspects were taken into custody one same day in two different ...
10 months ago Bleepingcomputer.com
Russian Espionage Group Hammers Zero-Click Microsoft Outlook Bug - An espionage group linked to the Russian military continues to use a zero-click vulnerability in Microsoft Outlook in attempts to compromise systems and gather intelligence from government agencies in NATO countries, as well as the United Arab ...
10 months ago Darkreading.com
Russian hackers use Ngrok feature and WinRAR exploit to attack embassies - After Sandworm and APT28, another state-sponsored Russian hacker group, APT29, is leveraging the CVE-2023-38831 vulnerability in WinRAR for cyberattacks. APT29 is tracked under different names and has been targeting embassy entities with a BMW car ...
10 months ago Bleepingcomputer.com
Microsoft fixes Outlook Desktop crashes when sending emails - Microsoft has fixed a known issue causing Outlook Desktop clients to crash when sending emails from Outlook.com accounts. These problems were first reported on Microsoft's community website and other social networks by customers saying they were ...
10 months ago Bleepingcomputer.com
Microsoft: Outlook clients not syncing over Exchange ActiveSync - Microsoft warned Outlook for Microsoft 365 users that clients might have issues connecting to email servers via Exchange ActiveSync after a January update. Exchange ActiveSync is an Exchange synchronization protocol using HTTP and XML to let users ...
7 months ago Bleepingcomputer.com
Hackers Fix Polish Train Glitch, Face Legal Pushback by the Manufacturer - In a recent cybersecurity incident, three Polish hackers achieved success in repairing the malfunctioning software of a train, initially serviced by independent repair shops for a regional rail operator. The narrative took a twist when accusations ...
9 months ago Hackread.com
Hackers Actively Exploiting Outlook Privilege Escalation Flaw - Hackers target and exploit Outlook vulnerabilities because it is a widely used email platform, providing a large potential victim pool. Exploiting vulnerabilities in Outlook allows hackers to:-. In collaboration with the Polish Cyber Command, ...
10 months ago Cybersecuritynews.com
Russian hackers stole Microsoft corporate emails in month-long breach - Microsoft disclosed Friday night that some of its corporate email accounts were breached and data stolen by the Russian state-sponsored hacking group Midnight Blizzard. The company detected the attack on January 12th, with Microsoft initiating its ...
8 months ago Bleepingcomputer.com
Russian hackers stole Microsoft corporate emails in month-long breach - Microsoft disclosed Friday night that some of its corporate email accounts were breached and data stolen by the Russian state-sponsored hacking group Midnight Blizzard. The company detected the attack on January 12th, with Microsoft initiating its ...
8 months ago Bleepingcomputer.com
How a Group of Train Hackers Exposed a Right-to-Repair Nightmare - Earlier this month, Polish hackers known as Dragon Sector accused one of Poland's largest train makers, Newag, of intentionally bricking its own trains when they're repaired by third parties. Newag threatened to sue Dragon Sector, but the story ...
9 months ago Packetstormsecurity.com
Russian military hackers target Ukraine with new MASEPIE malware - Ukraine's Computer Emergency Response Team is warning of a new phishing campaign that allowed Russia-linked hackers to deploy previously unseen malware on a network in under one hour. APT28, aka Fancy Bear or Strontium, is a Russian state-sponsored ...
9 months ago Bleepingcomputer.com
Russian hackers wiped thousands of systems in KyivStar attack - The Russian hackers behind a December breach of Kyivstar, Ukraine's largest telecommunications service provider, have wiped almost all systems on the telecom operator's network. Following the incident, Kyivstar's mobile and data services went down, ...
9 months ago Bleepingcomputer.com
Fancy Bear hackers still exploiting Microsoft Exchange flaw - A Russian nation-state group continues to exploit a critical Microsoft vulnerability that was patched eight months ago to gain access to emails within victim organizations' Exchange servers. In March, Microsoft disclosed a zero-day elevation of ...
10 months ago Techtarget.com
Microsoft Outlook December updates trigger ICS security alerts - Microsoft is investigating an issue that triggers Outlook security alerts when trying to open. ICS calendar files after installing December 2023 Patch Tuesday Office security updates. The company also revealed that the security warning will be ...
8 months ago Bleepingcomputer.com
Partnering with Government to Strengthen Cyber Resilience in Poland - We are honored to partner with the Polish Government as part of its Polish Cybersecurity Partnership Program program to help expand the country's national cybersecurity capabilities, enhance its cyber defenses, and increase public awareness of the ...
8 months ago Paloaltonetworks.com
Akamai discloses zero-click exploit for Microsoft Outlook - While examining a previous bypass mitigation, Akamai Technologies discovered two new Windows vulnerabilities that could allow an attacker to create a zero-click exploit against Microsoft Outlook clients. In a two-part report published Monday, Akamai ...
9 months ago Techtarget.com
Poland says Russian military hackers target its govt networks - Poland says a state-backed threat group linked to Russia's military intelligence service has been targeting Polish government institutions throughout the week. According to evidence found by CSIRT MON, the country's Computer Security Incident ...
4 months ago Bleepingcomputer.com
HPE: Russian hackers breached its security team's email accounts - Hewlett Packard Enterprise disclosed today that suspected Russian hackers known as Midnight Blizzard gained access to the company's Microsoft Office 365 email environment to steal data from its cybersecurity team and other departments. Midnight ...
8 months ago Bleepingcomputer.com
Ukraine says it hacked Russian aviation agency, leaks data - Ukraine's intelligence service, operating under the Defense Ministry, claims they hacked Russia's Federal Air Transport Agency, 'Rosaviatsia,' to expose a purported collapse of Russia's aviation sector. Rosaviatsia is the agency responsible for ...
10 months ago Bleepingcomputer.com
Fancy Bear goes phishing in US, European high-value networks The Register - Fancy Bear, the Kremlin's cyber-spy crew, has been exploiting two previously patched bugs for large-scale phishing campaigns against high-value targets - like government, defense, and aerospace agencies in the US and Europe - since March, according ...
10 months ago Go.theregister.com
Feds Disrupt Botnet Used by Russian APT28 Hackers - Federal law enforcement kicked Russian state hackers off a botnet comprising at least hundreds of home office and small office routers that had been pulled together by a cybercriminal group and co-opted by the state-sponsored spies. APT28, an ...
7 months ago Securityboulevard.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)