Poland says Russian military hackers target its govt networks (Security News, May 2024)
Poland says a state-backed threat group linked to Russia's military intelligence service has been targeting Polish government institutions throughout the week.
According to evidence found by CSIRT MON, the country's Computer Security Incident Response Team, and CERT Polska, Russian APT28 state hackers attacked multiple government institutions in a large-scale phishing campaign.
Since it surfaced in the mid-2000s, the Russian state-backed hacking group has coordinated many high-profile cyber-attacks and was linked to GRU's Military Unit 26165 in 2018.
APT28 hackers were behind hacks of the Democratic National Committee and the Democratic Congressional Campaign Committee before the 2016 U.S. Presidential Election and the breach of the German Federal Parliament in 2015.
The United States charged multiple APT28 members for their involvement in the DNC and DCCC attacks in July 2018, while the Council of the European Union sanctioned APT28 in October 2020 for the Bundestag hack.
The attackers exploited the CVE-2023-23397 Microsoft Outlook vulnerability in the attack, a security flaw used as a zero-day to target NATO members in Europe, Ukrainian government agencies, and NATO fast reaction corps starting in April 2022.
Related news
- Russian Espionage Group Targets Ukrainian Military with Malware via Telegram (source)
- Russian hackers deliver malicious RDP configuration files to thousands (source)
- Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails (source)
- Russian Hackers Deploy HATVIBE and CHERRYSPY Malware Across Europe and Asia (source)
- Faraway Russian hackers breached US organization via Wi-Fi (source)
- Firefox and Windows zero-days exploited by Russian RomCom hackers (source)
- Wanted Russian Hacker Linked to Hive and LockBit Ransomware Arrested (source)
- North Korean Kimsuky Hackers Use Russian Email Addresses for Credential Theft Attacks (source)
- Russian hackers hijack Pakistani hackers' servers for their own attacks (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-03-14 | CVE-2023-23397 | Authentication Bypass by Capture-replay vulnerability in Microsoft products; Microsoft Outlook Elevation of Privilege Vulnerability | 9.8 |