On Monday, Microsoft announced that it detected nation-state activity exploiting a now-patched critical security flaw in its Outlook email application. The company stated that the threat actor attempted to gain unauthorized access to victim accounts within Exchange servers and attributed the activity to Forest Blizzard (aka APT28, Fancy Bear).
- Polish Cyber Command (DKWOC) stated the campaign targeted public and private entities within their country. DKWOC explained that the threat actors attempted to modify folder permissions in the victim’s mailbox, changing default permissions from ‘None’ to ‘Owner’. This would enable the threat actor to extract valuable information from high-value targets, even after losing direct access to their mailbox.
- Microsoft previously disclosed this security flaw, which Russia-based threat actors have weaponized since April 2022. Their operations primarily targeted government, transportation, military, and energy sectors in Europe. Recorded Future and the National Cybersecurity Agency of France have both previously blamed APT28 for conducting activity that overlaps with this current Outlook campaign.
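A defender can check for the folder-permission change DKWOC describes by reviewing an export of mailbox folder permissions. The script below is an added example, not code from Microsoft, DKWOC or the linked article. The CSV column names and sample rows are constructed, and it assumes the "default permissions" in question are the entries for the Default (and Anonymous) principals on each folder.

```python
import csv
import io

# Principals whose grants apply to every authenticated (Default) or
# unauthenticated (Anonymous) user rather than to a named delegate.
BROAD_PRINCIPALS = {"default", "anonymous"}
# Rights that expose no folder content; the two calendar values are the
# usual free/busy defaults and are treated as benign here (assumption).
SAFE_RIGHTS = {"none", "availabilityonly", "limiteddetails"}

# Constructed sample export: one row per folder permission entry.
SAMPLE_EXPORT = """Mailbox,FolderPath,User,AccessRights
alice@example.test,/Inbox,Default,None
alice@example.test,/Calendar,Default,AvailabilityOnly
bob@example.test,/Inbox,Default,Owner
bob@example.test,/Sent Items,Default,Owner
bob@example.test,/Inbox,carol@example.test,Reviewer
dave@example.test,/Inbox,Anonymous,"ReadItems, FolderVisible"
"""

def find_broad_grants(export_text):
    """Return rows where Default/Anonymous holds content-exposing rights."""
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        if row["User"].strip().lower() not in BROAD_PRINCIPALS:
            continue  # named delegates are out of scope for this check
        rights = {r.strip().lower()
                  for r in row["AccessRights"].split(",") if r.strip()}
        risky = rights - SAFE_RIGHTS
        if risky:
            findings.append((row["Mailbox"], row["FolderPath"],
                             row["User"], sorted(risky)))
    return findings

def affected_mailboxes(findings):
    """Group flagged folders by mailbox so each owner is triaged once."""
    grouped = {}
    for mailbox, folder, _user, _rights in findings:
        grouped.setdefault(mailbox, []).append(folder)
    return grouped

if __name__ == "__main__":
    for mailbox, folder, user, rights in find_broad_grants(SAMPLE_EXPORT):
        print(f"{mailbox} {folder}: {user} has {', '.join(rights)}")
```

Because such a grant keeps working after the initial access is lost, a flagged mailbox needs its folder permissions reset in addition to any credential changes.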
Read More:
https://thehackernews.com/2023/12/microsoft-warns-of-kremlin-backed-apt28.html