NATO and the EU Formally Condemned Russia-Linked APT28 Cyber Espionage
NATO and the European Union have jointly condemned cyber espionage operations conducted by the Russia-linked threat actor APT28, also known as "Forest Blizzard," "Fancy Bear," or "Strontium," against European countries. The Federal Government of Germany has strongly condemned APT28's long-term espionage campaign, particularly targeting the Executive Committee of the Social Democratic Party of Germany. The cyber actor exploited a critical vulnerability in Microsoft Outlook, identified as CVE-2023-23397, which allowed access to numerous email accounts.
This zero-day flaw in Microsoft Outlook, a spoofing vulnerability leading to authentication bypass, has been exploited by APT28 against European entities since April 2022. Targets included NATO entities, Ukrainian government agencies, and various organizations in 14 nations deemed of strategic intelligence significance to the Russian government and its military.
Palo Alto Networks' Unit 42 researchers reported APT28's exploitation of CVE-2023-23397 in attacks against European NATO members. In March 2023, Microsoft published guidance for investigating attacks that exploit this patched Outlook vulnerability. Subsequently, APT28 targeted government, energy, transportation, and non-governmental organizations in the US, Europe, and the Middle East.
APT28 initiated exploitation of the vulnerability in March 2022, conducting multiple campaigns over time. Unit 42 discovered that in the second and third campaigns, APT28 continued using a publicly known exploit for the Outlook flaw. This suggests that the benefits of accessing intelligence outweighed the potential risks of detection.
The continuous exploitation of this vulnerability underscores the persistence and strategic importance of APT28's cyber espionage operations, posing significant challenges to cybersecurity efforts globally.
Source
https://securityaffairs.com/162759/apt/nato-eu-condemned-apt28-espionage.html