Russian hackers use old Outlook vulnerability to target Polish orgs (CVE-2023-23397)
Russian state-backed hacking group Forest Blizzard (also tracked as APT28) has been using a known Microsoft Outlook vulnerability to target public and private entities in Poland, Polish Cyber Command has warned.
Polish Cyber Command's analysis of the attacks confirmed that the threat actors gained access to email accounts on Microsoft Exchange servers and modified folder permissions within the victims' mailboxes.
How did APT28 gain access to the email accounts in the first place? Either through brute-force attacks or by exploiting CVE-2023-23397, Polish Cyber Command found.
CVE-2023-23397 is a critical elevation of privilege vulnerability that affects Microsoft Outlook for Windows.
Polish Cyber Command has provided a toolkit that organizations can use to detect potentially suspicious mailbox folder sharing within Microsoft Exchange servers, and a list of recommendations and guidelines on what to do if compromise is suspected.
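One way a defender can carry out the kind of review that toolkit is meant for, as an added example that is not Polish Cyber Command's toolkit: a PowerShell audit, assuming an Exchange Management Shell or Exchange Online PowerShell session, that lists mailbox folders where the Default or Anonymous principal holds any right other than None (the mailbox-wide "sharing" pattern this campaign relied on). The principal names and the CSV output path are the example's own choices.

```powershell
# Added example, not Polish Cyber Command's toolkit. Assumes a connected
# Exchange session with Get-Mailbox, Get-MailboxFolderStatistics and
# Get-MailboxFolderPermission available.

# Principals that normally hold no rights ("None") on a user's mailbox folders
$watchedUsers = @('Default', 'Anonymous')

function Get-SuspiciousFolderPermissions {
    param(
        [Parameter(Mandatory)] [string] $Mailbox
    )

    $findings = @()
    # Enumerate every folder in the mailbox; FolderPath looks like "/Inbox/Sub"
    $folders = Get-MailboxFolderStatistics -Identity $Mailbox |
        Where-Object { $_.FolderType -ne 'Root' }

    foreach ($folder in $folders) {
        # Build the "mailbox:\Inbox\Sub" identity the permission cmdlet expects
        $folderId = "{0}:{1}" -f $Mailbox, ($folder.FolderPath -replace '/', '\')
        # Some system folders reject permission queries; skip them quietly
        $perms = Get-MailboxFolderPermission -Identity $folderId -ErrorAction SilentlyContinue
        foreach ($perm in $perms) {
            $principal = $perm.User.ToString()
            if (($watchedUsers -contains $principal) -and ($perm.AccessRights -notcontains 'None')) {
                $findings += [pscustomobject]@{
                    Mailbox      = $Mailbox
                    Folder       = $folder.FolderPath
                    User         = $principal
                    AccessRights = ($perm.AccessRights -join ',')
                }
            }
        }
    }
    return $findings
}

# Run across all user mailboxes and export findings for triage
Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails UserMailbox |
    ForEach-Object { Get-SuspiciousFolderPermissions -Mailbox $_.PrimarySmtpAddress.ToString() } |
    Export-Csv -Path '.\suspicious-folder-permissions.csv' -NoTypeInformation
```

Any row in the output is not proof of compromise; legitimate delegation also shows up here, so compare against known sharing arrangements and the mailbox audit log before acting.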
CVE-2023-23397 is not the only "old" vulnerability exploited by APT28: Microsoft's Threat Intelligence team says the group still leverages known public exploits for CVE-2023-38831 and CVE-2021-40444, even though fixes have been available for quite some time.
News URL
https://www.helpnetsecurity.com/2023/12/05/apt28-poland-cve-2023-23397/
Related vulnerabilities

| Date | CVE | Vulnerability title | Risk |
|---|---|---|---|
| 2023-08-23 | CVE-2023-38831 | Insufficient Verification of Data Authenticity vulnerability in RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. | 7.8 |
| 2023-03-14 | CVE-2023-23397 | Authentication Bypass by Capture-replay vulnerability in Microsoft products (Microsoft Outlook Elevation of Privilege Vulnerability) | 9.8 |
| 2021-09-15 | CVE-2021-40444 | Path Traversal vulnerability in Microsoft products: Microsoft is investigating reports of a remote code execution vulnerability in MSHTML that affects Microsoft Windows. | 0.0 |