Microsoft Outlook Flaw Exploited by Russia’s APT28 to Hack Czech, German Entities

May 4, 2024 at 05:30AM

Czechia and Germany were targeted by a long-running cyber espionage campaign attributed to the Russia-linked group APT28, which exploited a security flaw in Microsoft Outlook. The attacks compromised email accounts and reached organizations across several industry verticals. The European Union, NATO, the U.K., and the U.S. condemned the campaign. The same report also covers DDoS attacks and a joint fact sheet released to help critical infrastructure organizations secure their systems.

According to the report, Czechia and Germany were targeted in a cyber espionage campaign conducted by the Russia-linked nation-state actor APT28. The campaign exploited a security flaw in Microsoft Outlook (CVE-2023-23397) to obtain Net-NTLMv2 hashes and compromise numerous email accounts. It also targeted various industry verticals in Germany, Ukraine, and elsewhere in Europe, and has been linked to the 2015 attack on the German federal parliament. APT28 is assessed to be associated with Military Unit 26165 of the Russian Federation's military intelligence agency, the GRU, and has been involved in a range of malicious cyber activities.

The report also highlights the risk that state-sponsored cyber threat activity poses to elections in regions such as the U.S., the U.K., and the E.U., and the surge in DDoS attacks targeting Sweden following its accession to NATO. Additionally, it references a joint fact sheet released by government agencies from Canada, the U.K., and the U.S. to help secure critical infrastructure organizations against attacks by pro-Russia hacktivists, who have targeted industrial control systems and small-scale operational technology systems since 2022.

The report summarizes the threats posed by APT28 and other threat actor groups, as well as the measures recommended to mitigate them: hardening human-machine interfaces, limiting the exposure of OT systems to the internet, using strong and unique passwords, and requiring multi-factor authentication for all access to the OT network.
