Russian hackers may have accessed the network of armed forces in Europe. All through a hole in a well-known application

Russian hackers tried to gain access to networks used, among others, by armed forces in Europe, as well as by transport and energy companies. In some cases the attacks are believed to have been successful. All because of a vulnerability in the Microsoft Outlook application.

Specialized groups of Russian hackers acting directly on behalf of the Kremlin have been trying to infiltrate European Internet networks for years. However, the outbreak of war in Ukraine has made such attacks even more intense.

CNN has reported on the latest campaign carried out by Putin’s cyber soldiers. According to its findings, between April and December 2022 hackers from the APT28 group gained access to the networks used by “fewer than 15” government, military, transport and energy organizations.

The APT28 group (its other names are STRONTIUM, Sofacy and Fancy Bear) is considered the Kremlin’s greatest ally in cyberwarfare. Cybersecurity experts from companies such as Microsoft and Kaspersky suggest that APT28 is not only related to the intelligence service of the Russian Federation (GRU), but is even an integral part of it.

APT28 is accused of, among other things, hacker attacks on the German parliament and the French television station TV5 Monde, and of the theft of data from the servers of the World Anti-Doping Agency. The group was also allegedly involved in obstructing the investigation into the MH-17 crash, as well as in hacking into the servers of the Polish Ministry of Foreign Affairs in December 2016.

Russian hackers attacked in Europe. All because of a vulnerability in a popular application

According to the CNN findings, Russian hackers used a vulnerability in a popular e-mail application, Microsoft Outlook, to attack European networks. The vulnerability was first detected by the Ukrainian CERT team.

Microsoft itself informed customers about this vulnerability and also released an update that fixes it. However, the Redmond company has not officially confirmed that the discovered vulnerability was used by Russian hackers to successfully attack European critical infrastructure.

According to CNN, however, the American company unofficially admitted that “fewer than 15” organizations were targeted or fell victim to hackers from the APT28 group.

Such confirmation can also be found in the message published by the Polish government’s plenipotentiary for cybersecurity:

Vulnerabilities, i.e. errors and security gaps, also occur in commonly used products of large suppliers. Microsoft has published information about a critical (i.e. easy to exploit and wide-ranging) vulnerability in the Outlook application on Windows. It can lead to remote takeover of the account, without the user’s participation. The vulnerability has been actively used in attacks by one of the groups affiliated with the Russian government since April 2022, including in Poland.

We recommend immediate action by administrators of all organizations whose users use email via the Microsoft Outlook client.

– we read further.

How does the vulnerability exploited by Russian hackers work?

The vulnerability detected in the Microsoft Outlook application allows for taking control over the user’s account in two different ways. One of them allows you to obtain a password through the so-called dictionary attack, that is, one that uses trial and error to discover login details. The second method allows direct use of the user’s session to log in to other organization services.

To carry out the attack, it is enough for the victim to receive the appropriate e-mail. No user action is required. The attack can be carried out remotely. The obtained domain password can be used to log in to other publicly available company services. If two-factor authentication is not used, it can lead to an attacker gaining access to the corporate network.

says the government announcement.

As we read, “all versions of Microsoft Outlook for the Windows platform are vulnerable to attacks using the detected vulnerability.” “Versions for Android, iOS or macOS platforms” and “cloud services such as Microsoft 365” are not affected.

The Polish government recommended that network administrators of Polish companies and organizations update the application as soon as possible in accordance with the guidelines published on the following page: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397

It is also worth recalling that the use of strong passwords will significantly hinder the use of vulnerabilities by cybercriminals. You can read about how to create such passwords here: Passwords | CERT Poland. An important recommendation is also the use of two-factor authentication, in particular for services exposed to the Internet.

– we read.

How can organizations check their security?

Microsoft has also released a special tool that allows organizations to check whether their users have received messages that could exploit the vulnerability in the Outlook application. It is available to administrators
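The government announcement above describes the two account-takeover paths, and this paragraph describes a tool that looks for messages capable of triggering them. As an added illustration (not the article's text and not Microsoft's tool), the following Python script performs the kind of check such a tool makes for CVE-2023-23397: it flags Outlook items whose reminder-sound property (PidLidReminderFileParameter, the property the CVE concerns) points at a UNC path on a remote host, which is what makes the client authenticate outward without any user action. The `MailItem` type and the sample items are constructed stand-ins for real exported message properties.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# A UNC path begins with two backslashes, then a host name or address,
# then a separator and the share name.
UNC_RE = re.compile(r"^\\\\([^\\/]+)[\\/]")


@dataclass
class MailItem:
    """Hypothetical stand-in for an exported Outlook calendar/task item."""
    subject: str
    sender: str
    reminder_file: Optional[str]  # PidLidReminderFileParameter value, if set


def unc_host(path: Optional[str]) -> Optional[str]:
    """Return the host part of a UNC path, or None if the value is not UNC."""
    if not path:
        return None
    m = UNC_RE.match(path)
    return m.group(1) if m else None


def find_suspicious(items: Iterable[MailItem]) -> List[dict]:
    """Report items whose reminder sound would be fetched from a remote host.

    A local file (e.g. a .wav under C:\\Windows\\Media) is benign; a UNC
    path means Outlook would open an outbound connection when the reminder
    fires, which is the behaviour the patch and the egress blocks address.
    """
    findings = []
    for item in items:
        host = unc_host(item.reminder_file)
        if host is None:
            continue
        findings.append({"subject": item.subject, "sender": item.sender,
                         "host": host, "path": item.reminder_file})
    return findings


# Constructed sample items, not real telemetry.
SAMPLE_ITEMS = [
    MailItem("Weekly sync", "colleague@example.org", None),
    MailItem("Team lunch", "hr@example.org", "C:\\Windows\\Media\\Alarm01.wav"),
    MailItem("Urgent: contract", "unknown@example.net",
             "\\\\203.0.113.7\\share\\ding.wav"),
]

if __name__ == "__main__":
    for f in find_suspicious(SAMPLE_ITEMS):
        print(f"{f['subject']!r} from {f['sender']} -> {f['host']} ({f['path']})")
```

Any hit is a message to remove from the mailbox and a host to look up in proxy and firewall logs; a clean result does not replace installing the update.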

The secret army of the Kremlin

Over the past decades, Russia has developed a reputation as a country that is very eager to use the services of hacking groups, and Russian cyber soldiers are accused of almost every major cybersecurity incident.

The list of attacks attributed to the Kremlin is impressive and growing. In 2007, hackers allegedly launched a cyberattack on Estonia. At that time, IT systems of the Estonian parliament, government and banks were paralyzed. Russia also allegedly used its hackers during the conflict with Georgia.

At the end of 2015, the Kremlin’s cyber soldiers allegedly attacked a nuclear power plant in Ukrainian Zaporizhia. Then, in full view of the operator on shift at the time, they remotely turned off all generators, depriving almost 700,000 households of electricity.

Russian hackers gained the most notoriety for interfering in the course of the presidential election in the USA. On July 14, 2016, the American daily “Washington Post” reported that hackers acting on behalf of the Kremlin had stolen e-mails from the servers of the Democratic Party, which were then published by Wikileaks.

Source: Gazeta
