By Alex Scroxton, Security Editor
Published: 08 Dec 2023 13:15
A serious vulnerability disclosed in March 2023 may have been exploited by the Russian state hacker group Fancy Bear for more than two years, according to recent intelligence.
The Russian state-backed hacker group, also known as APT28, Fighting Ursa, Forest Blizzard, and more commonly as Fancy Bear, might have been using a zero-day elevation of privilege (EoP) vulnerability in Microsoft Outlook long before it was publicly disclosed in March 2023.
The vulnerability, CVE-2023-23397, was exploited by sending specially crafted emails to victims; it can be triggered server-side without the victim needing to open or even view the email.
Subsequently, it was revealed that this vulnerability had likely been under exploitation by Moscow against Ukrainian targets for over a year. More recently, a new report suggests that Fancy Bear has been widely exploiting this zero-day vulnerability for the past 20 months, targeting at least 30 organizations in 14 countries.
Targeted sectors include energy production and distribution, pipeline operations, transportation, and ministries of defence, foreign affairs, internal affairs and finance, among others, in countries including the United States, Ukraine and NATO member states.
These findings offer valuable insight into the Russian state's targeting priorities during the war in Ukraine. The use of a zero-day exploit further underlines how significant and valuable the targeted intelligence is to the threat actors.