Russian military hackers target NATO fast reaction corps

December 7, 2023 at 05:26PM Russian APT28 hackers exploited a Microsoft Outlook zero-day (CVE-2023-23397) to target European NATO members and a NATO corps. Over 20 months, they attacked at least 30 organizations in 14 countries. Despite the patch in 2023, they continued using it for credential theft and lateral network movement. Unit 42 linked the …

Fancy Bear goes phishing in US, European high-value networks

December 5, 2023 at 07:22PM Fancy Bear, a Russian cyber-spy group, has been targeting US and European agencies using patched Outlook and WinRAR flaws for phishing campaigns. Microsoft and Polish Cyber Command observed unauthorized access to high-value email accounts. Over 10,000 emails were used to exploit the vulnerabilities. Proofpoint expects continued exploitation of unpatched systems …

Microsoft Warns of Kremlin-Backed APT28 Exploiting Critical Outlook Vulnerability

December 5, 2023 at 03:12AM Microsoft identified activity by Russian-supported threat group Forest Blizzard (also known as APT28 and other names) exploiting a severe Outlook security flaw, CVE-2023-23397, to access email accounts on Exchange servers. The group targeted various sectors and used the bug to maintain unauthorized mailbox access. Microsoft patched the bug in March …

Russian hackers exploiting Outlook bug to hijack Exchange accounts

December 4, 2023 at 03:19PM Microsoft warns of APT28 exploiting a critical Outlook flaw, CVE-2023-23397, to hijack Exchange accounts, targeting governmental and key sectors in the US, Europe, and the Middle East. The attacks, using various vulnerabilities, have been ongoing since April 2022. Urgent mitigation includes applying security updates and enabling MFA.