Security News > 2023 > December > Russian hackers use old Outlook vulnerability to target Polish orgs (CVE-2023-23397)
Russian state-backed hacking group Forest Blizzard has been using a known Microsoft Outlook vulnerability to target public and private entities in Poland, Polish Cyber Command has warned.
The attacks were further analyzed by Polish Cyber Command, who confirmed that the threat actors have been gaining access to email accounts within Microsoft Exchange servers and modifying folder permissions within the victim's mailbox.
How did APT28 gain access to the email accounts in the first place? Either through brute-force attacks or by exploiting CVE-2023-23397, Polish Cyber Command found.
CVE-2023-23397 is a critical elevation of privilege vulnerability that affects Microsoft Outlook for Windows.
Polish Cyber Command has provided a toolkit that organizations can use to detect potentially suspicious mailbox folder sharing within Microsoft Exchange servers, and a list of recommendations and guidelines on what to do if compromise is suspected.
CVE-2023-23397 is not the only "Old" vulnerability exploited by APT28 attackers: Microsoft's Threat Intelligence team says that the group still leverages known public exploits for CVE-2023-38831 and CVE-2021-40444, even though fixes have been available for quite some time.
News URL
https://www.helpnetsecurity.com/2023/12/05/apt28-poland-cve-2023-23397/
Related news
- Microsoft and DOJ disrupt Russian FSB hackers' attack infrastructure (source)
- 100+ domains seized to stymie Russian Star Blizzard hackers (source)
- Pro-Ukrainian Hackers Strike Russian State TV on Putin's Birthday (source)
- US, UK warn of Russian APT29 hackers targeting Zimbra, TeamCity servers (source)
- Hackers Exploit Roundcube Webmail XSS Vulnerability to Steal Login Credentials (source)
- Russian hackers deliver malicious RDP configuration files to thousands (source)
- Hackers target critical zero-day vulnerability in PTZ cameras (source)
- Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails (source)
- Russian Hackers Deploy HATVIBE and CHERRYSPY Malware Across Europe and Asia (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-23 | CVE-2023-38831 | Insufficient Verification of Data Authenticity vulnerability in Rarlab Winrar RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. | 7.8 |
| 2023-03-14 | CVE-2023-23397 | Authentication Bypass by Capture-replay vulnerability in Microsoft products Microsoft Outlook Elevation of Privilege Vulnerability | 9.8 |
| 2021-09-15 | CVE-2021-40444 | Path Traversal vulnerability in Microsoft products <p>Microsoft is investigating reports of a remote code execution vulnerability in MSHTML that affects Microsoft Windows. | 8.8 |