Russian hackers exploiting Outlook bug to hijack Exchange accounts

Microsoft's Threat Intelligence team issued a warning earlier today about the Russian state-sponsored actor APT28 (aka "Fancybear" or "Strontium") actively exploiting the CVE-2023-23397 Outlook flaw to hijack Microsoft Exchange accounts and steal sensitive information.

The targeted entities include government, energy, transportation, and other key organizations in the United States, Europe, and the Middle East.

The tech giant also highlighted the exploitation of other vulnerabilities with publicly available exploits in the same attacks, including CVE-2023-38831 in WinRAR and CVE-2021-40444 in Windows MSHTML.

CVE-2023-23397 is a critical elevation of privilege (EoP) vulnerability in Outlook on Windows, which Microsoft fixed as a zero-day on the March 2023 Patch Tuesday.

The disclosure of the flaw came with the revelation that APT28 had been exploiting it since April 2022 via specially crafted Outlook notes designed to steal NTLM hashes, forcing the target devices to authenticate to attacker-controlled SMB shares without requiring user interaction.

By elevating their privileges on the system, which was proven uncomplicated, APT28 performed lateral movement in the victim's environment and changed Outlook mailbox permissions to perform targeted email theft.

Despite the availability of security updates and mitigation recommendations, the attack surface remained significant, and a bypass of the fix (CVE-2023-29324) that followed in May worsened the situation.

Recorded Future warned in June that APT28 likely leveraged the Outlook flaw against key Ukrainian organizations. In October, the French cybersecurity agency (ANSSI) revealed that the Russian hackers had used the zero-click attack against government entities, businesses, universities, research institutes, and think tanks in France.

Microsoft's latest warning highlights that the GRU hackers still leverage CVE-2023-38831 in attacks, so there are still systems out there that remain vulnerable to the critical EoP flaw.

The tech firm has also noted the work of the Polish Cyber Command Center (DKWOC) in helping detect and stop the attacks. DKWOC also published a post describing APT28 activity that leverages CVE-2023-38831.

The recommended action to take right now, listed by priority, is the following:

Given that APT28 is a highly resourceful and adaptive threat group, the most effective defense strategy is to reduce the attack surface across all interfaces and ensure all software products are regularly updated with the latest security patches.