Russian hackers target EU countries using a simple Microsoft Outlook security flaw

Russia
Et bilde av et tastatur der Enter-knappen har påmalt et russisk flagg, med en liten gullbjørn stående på tasten. (Image credit: Shutterstock / Aleksandra Gigowska)

We now know how APT28, a known Russian state-sponsored threat actor, managed to compromise multiple email accounts belonging to the Executive Committee of the German Social Democratic Party back in 2022 - it was via a security flaw in Microsoft Outlook.

The German Federal Government said APT28 abused a vulnerability in Microsoft Outlook, tracked as CVE-2023-23397, to compromise the accounts. 

The hackers targeted government, military, energy and transportation organizations, in countries part of both the European Union and NATO, as well as Ukrainian government agencies, and NATO fast reaction corps. 

Disrupting Russia's campaigns

Germany, Czechia, NATO, and the European Union came together to detail APT28’s activities over the past couple of years, calling them “intolerable and unacceptable.”

"Russian state hackers attacked Germany in cyberspace. This is absolutely intolerable and unacceptable and will have consequences," German Foreign Minister Annalena Baerbock added. 

At the same time, the government of Czechia confirmed suffering the same fate in 2023: "Czechia is deeply concerned by these repeated cyber attacks by state actors. We are determined to respond strongly to this unacceptable behavior together with our European and international partners," the Czech Ministry of Foreign Affairs was cited saying.

The EU, NATO, the US, and the UK, all formally condemned APT28’s attacks. 

"We call on Russia to stop this malicious activity and abide by its international commitments and obligations," the U.S. State Department said in a written statement. 

"With the EU and our NATO Allies, we will continue to take action to disrupt Russia’s cyber activities, protect our citizens and foreign partners, and hold malicious actors accountable."

For the past decade and a half, Russia has been waging wars on its neighboring countries, seizing control, one way or another, over territory around the Black Sea. In 2008, it targeted Georgia and to this day, according to the European Court of Human Rights, maintains “direct control” over the separatist regions of South Ossetia and Akhbazia (on the Black Stea). This was also the first war ever, in which cyber warfare coincided with military action. 

In 2014, it occupied the Crimean peninsula before, almost a decade later, occupying parts of Eastern Ukraine, also on the Black Sea. In both episodes of the conflict, cyberwarfare played a pivotal role. 

Via BleepingComputer

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

TOPICS