
Russian APT28 Hackers Attack Outlook: What’s Happening?


Yesterday Microsoft revealed suspicious activity tied to the exploitation of Outlook. The campaign is attributed to APT28, a group of Russian hackers believed to be close to the Kremlin.

The collective, also known as Forest Blizzard, BlueDelta and other names, is reportedly exploiting the vulnerability CVE-2023-23397, already known and patched last March. The flaw, rated with a CVSS score of 9.8, is a critical bug that allows cybercriminals to gain elevated privileges and obtain the victim's Net-NTLMv2 hash.

According to the Cyber Command of Poland (DKWOC), the objective of APT28 is to obtain unauthorized access to the mailboxes of public and private entities in the country. Through the exploit, an attacker can easily gain full access to the victims' email and use it to spread further malware or similar malicious agents.

For APT28 this type of attack is certainly nothing new

The modus operandi adopted by APT28 is certainly nothing new in this context. Microsoft, for example, already reported in 2022 how Russian hacker groups had exploited zero-day vulnerabilities to attack targets such as government sectors, in Europe and beyond.

The most recent operation similar to the one just revealed dates back to June 2023. During the summer, the cybersecurity company Recorded Future revealed a massive spear-phishing campaign, again from APT28. In that case the target was the Roundcube email software.

According to data provided by experts, APT28 is a group directly linked to Unit 26165 of the Main Directorate of the General Staff of the Armed Forces of the Russian Federation, and therefore acts under the orders of the Ministry of Defence.

As always in these cases, the best way to avoid disaster is to keep Outlook updated with the most recent security patches available.
