Fancy Bear goes phishing in US, European high-value networks
2023-12-06 00:15

Fancy Bear, the Kremlin's cyber-spy crew, has been exploiting two previously patched bugs for large-scale phishing campaigns against high-value targets - like government, defense, and aerospace agencies in the US and Europe - since March, according to Microsoft.

The US and UK governments have linked this state-sponsored gang to Russia's military intelligence agency, the GRU. Its latest phishing expeditions look to exploit CVE-2023-23397, a Microsoft Outlook elevation of privilege flaw, and CVE-2023-38831, a WinRAR remote code execution flaw.

On Monday, Microsoft updated its March guidance for organizations investigating attacks exploiting this Exchange hole, and reported that Fancy Bear has been "Actively exploiting CVE-2023-23397 to provide secret, unauthorized access to email accounts within Exchange servers."

Specifically, more than 10,000 emails that Proofpoint has attributed to Fancy Bear were sent during the late summer.

These phishing emails contained an appointment attachment, using a TNEF file disguised as a CSV, Excel file, or Word document.

Lesnewich told us, "The payloads, tactics, and techniques used in these campaigns reflect TA422's ultimate shift away from compiled malware for persistent access on targeted networks to lighter-weight, credential-oriented access."

News URL

https://go.theregister.com/feed/www.theregister.com/2023/12/06/fancy_bear_phishing_microsoft/

Related Vulnerability

| DATE | CVE | VULNERABILITY TITLE | RISK |
|------|-----|---------------------|------|
| 2023-08-23 | CVE-2023-38831 | Insufficient Verification of Data Authenticity vulnerability in Rarlab Winrar. RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. (local; low complexity; rarlab; CWE-345) | 7.8 |
| 2023-03-14 | CVE-2023-23397 | Authentication Bypass by Capture-replay vulnerability in Microsoft products. Microsoft Outlook Elevation of Privilege Vulnerability. (network; low complexity; microsoft; CWE-294) | critical, 9.8 |