Security News > 2023 > December > Russian hackers exploiting Outlook bug to hijack Exchange accounts

Russian hackers exploiting Outlook bug to hijack Exchange accounts
2023-12-04 20:14

Microsoft's Threat Intelligence team issued a warning earlier today about the Russian state-sponsored actor APT28 actively exploiting the CVE-2023-23397 Outlook flaw to hijack Microsoft Exchange accounts and steal sensitive information.

The tech giant also highlighted the exploitation of other vulnerabilities with publicly available exploits in the same attacks, including CVE-2023-38831 in WinRAR and CVE-2021-40444 in Windows MSHTML. Outlook flaw exploitation background.

The disclosure of the flaw came with the revelation that APT28 had been exploiting it since April 2022 via specially crafted Outlook notes designed to steal NTLM hashes, forcing the target devices to authenticate to attacker-controlled SMB shares without requiring user interaction.

In October, the French cybersecurity agency revealed that the Russian hackers had used the zero-click attack against government entities, businesses, universities, research institutes, and think tanks in France.

Microsoft fixes Outlook zero-day used by Russian hackers since April 2022.

Microsoft: State hackers exploiting Confluence zero-day since September.


News URL

https://www.bleepingcomputer.com/news/microsoft/russian-hackers-exploiting-outlook-bug-to-hijack-exchange-accounts/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2023-08-23 CVE-2023-38831 Insufficient Verification of Data Authenticity vulnerability in Rarlab Winrar
RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive.
local
low complexity
rarlab CWE-345
7.8
2023-03-14 CVE-2023-23397 Authentication Bypass by Capture-replay vulnerability in Microsoft products
Microsoft Outlook Elevation of Privilege Vulnerability
network
low complexity
microsoft CWE-294
critical
9.8
2021-09-15 CVE-2021-40444 Path Traversal vulnerability in Microsoft products
<p>Microsoft is investigating reports of a remote code execution vulnerability in MSHTML that affects Microsoft Windows.
0.0