Russian hackers use old Outlook vulnerability to target Polish orgs (CVE-2023-23397)

Russian state-backed hacking group Forest Blizzard (also tracked as APT28) has been using a known Microsoft Outlook vulnerability to target public and private entities in Poland, Polish Cyber Command has warned.
The attacks were further analyzed by Polish Cyber Command, which confirmed that the threat actors have been gaining access to email accounts on Microsoft Exchange servers and modifying folder permissions within the victims' mailboxes.
How did APT28 gain access to the email accounts in the first place? Either through brute-force attacks or by exploiting CVE-2023-23397, Polish Cyber Command found.
CVE-2023-23397 is a critical elevation of privilege vulnerability that affects Microsoft Outlook for Windows.
Polish Cyber Command has provided a toolkit that organizations can use to detect potentially suspicious mailbox folder sharing within Microsoft Exchange servers, and a list of recommendations and guidelines on what to do if compromise is suspected.
CVE-2023-23397 is not the only old vulnerability exploited by APT28 attackers: Microsoft's Threat Intelligence team says that the group still leverages known public exploits for CVE-2023-38831 and CVE-2021-40444, even though fixes have been available for quite some time.
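One way to review mailboxes for the kind of folder-sharing change described above, as an added PowerShell example that is not the article's text or Polish Cyber Command's toolkit. It assumes an Exchange Management Shell or Exchange Online PowerShell session where the Get-Mailbox, Get-MailboxFolderStatistics and Get-MailboxFolderPermission cmdlets are available; the report path is a placeholder.

```powershell
# Added example (not the article's or Polish Cyber Command's toolkit code).
# Assumes an Exchange Management Shell / Exchange Online PowerShell session where
# Get-Mailbox, Get-MailboxFolderStatistics and Get-MailboxFolderPermission exist.
# Reports folder permissions that grant Default/Anonymous anything other than None,
# or grant access to any principal other than the mailbox owner.
param(
    [string[]] $Identities = @(),                         # specific mailboxes; empty = all user mailboxes
    [string]   $ReportPath = '.\folder-permission-review.csv'   # placeholder output path
)

$mailboxes = if ($Identities.Count -gt 0) {
    $Identities | ForEach-Object { Get-Mailbox -Identity $_ }
} else {
    Get-Mailbox -RecipientTypeDetails UserMailbox -ResultSize Unlimited
}

# Match on folder type rather than name so localized folder names (e.g. Polish) still match.
# Calendar is left out because Default = AvailabilityOnly is normal there.
$folderTypes = 'Root', 'Inbox', 'SentItems', 'DeletedItems', 'Drafts', 'User Created'

$findings = foreach ($mbx in $mailboxes) {
    $folders = Get-MailboxFolderStatistics -Identity $mbx.Identity |
        Where-Object { $_.FolderType -in $folderTypes }
    foreach ($f in $folders) {
        # Permission identities use "alias:\Path"; the root folder is addressed as "alias:\"
        $path = if ($f.FolderType -eq 'Root') { '\' } else { $f.FolderPath.Replace('/', '\') }
        Get-MailboxFolderPermission -Identity "$($mbx.Alias):$path" -ErrorAction SilentlyContinue |
            ForEach-Object {
                $grantee   = "$($_.User)"                # display name of the grantee
                $rights    = ($_.AccessRights -join ',')
                $isDefault = $grantee -in 'Default', 'Anonymous'
                if (($isDefault -and $rights -ne 'None') -or
                    (-not $isDefault -and $grantee -ne $mbx.DisplayName)) {
                    [pscustomobject]@{
                        Mailbox      = $mbx.PrimarySmtpAddress
                        Folder       = $f.FolderPath
                        Grantee      = $grantee
                        AccessRights = $rights
                    }
                }
            }
    }
}

$findings | Export-Csv -Path $ReportPath -NoTypeInformation
$findings | Format-Table -AutoSize
```

Legitimate delegations (assistants, shared team folders) will also appear, so compare the report against known sharing arrangements rather than treating every row as compromise.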
News URL
https://www.helpnetsecurity.com/2023/12/05/apt28-poland-cve-2023-23397/
Related Vulnerability

| Date | CVE | Vulnerability title | Risk |
|---|---|---|---|
| 2023-08-23 | CVE-2023-38831 | Insufficient Verification of Data Authenticity vulnerability in RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. | 7.8 |
| 2023-03-14 | CVE-2023-23397 | Authentication Bypass by Capture-replay vulnerability in Microsoft Outlook (Microsoft Outlook Elevation of Privilege Vulnerability) | 9.8 |
| 2021-09-15 | CVE-2021-40444 | Path Traversal vulnerability in Microsoft products: Microsoft is investigating reports of a remote code execution vulnerability in MSHTML that affects Microsoft Windows. | 0.0 |