Russian military intelligence hackers tracked by Microsoft as Forest Blizzard (also known as APT28 or Fancy Bear) are actively exploiting an already patched flaw in Microsoft Outlook, according to Microsoft and Poland's Cyber Command in Warsaw. The flaw, CVE-2023-23397, lets a remote, unauthenticated attacker send a specially crafted email that, with no user interaction, makes Outlook authenticate to an attacker-controlled server and leak the user's NTLM credentials (the Net-NTLMv2 challenge-response, often loosely described as the user's "hashed Windows password"). The captured material can then be relayed to other services in an NTLM relay attack or cracked offline; news coverage has frequently, though imprecisely, called this a "Pass the Hash" attack. Poland's Cyber Command detected this activity against public and private entities, raising concerns amid heightened geopolitical tensions between Poland and Russia.
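The exploit mechanism is an Outlook appointment or task whose custom reminder-sound property (PidLidReminderFileParameter) points at a UNC path, so that when the reminder fires Outlook connects to that host over SMB and authenticates. Microsoft published a script for finding such messages in Exchange mailboxes; the block below is an added example, not Microsoft's script or any code from the reports cited here, showing only the triage step once the property values have been collected: decide whether each value is a harmless local file, a UNC path to an internal host, or a UNC path to an external host matching the CVE-2023-23397 pattern. The sample property values, the internal DNS suffix allowlist and the hostnames and addresses are all constructed for this example; fetching the property from mailboxes (via MAPI or Exchange Web Services) is outside its scope.

```python
import ipaddress
import re
from typing import Optional

# Constructed sample values of the PidLidReminderFileParameter MAPI property
# (the custom reminder-sound path that CVE-2023-23397 abuses). Hostnames and
# addresses are made up for this example and are not indicators of compromise
# taken from any report.
SAMPLE_REMINDER_PATHS = [
    r"C:\Windows\Media\reminder.wav",                 # normal local sound file
    r"\\fileserver.corp.example\sounds\alert.wav",    # UNC path to an internal host
    r"\\10.0.0.25\share\chime.wav",                   # UNC path to an RFC 1918 address
    r"\\203.0.113.10\pwn\x.wav",                      # UNC path to a public address
    r"\\evil.example.net@80\DavWWWRoot\x.wav",        # WebDAV form: host@port
    r"\\?\UNC\198.51.100.7\share\x.wav",              # long-path UNC prefix
    "",                                               # property absent or empty
]

# Hypothetical allowlist of DNS suffixes the organization considers internal.
INTERNAL_SUFFIXES = (".corp.example",)

# Explicit internal ranges. Do not use ipaddress.is_private for this check: it
# also returns True for documentation ranges such as 203.0.113.0/24, which
# would hide an external host from the triage.
INTERNAL_NETWORKS = [
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
              "127.0.0.0/8", "169.254.0.0/16")
]

# Matches \\host\share..., \\host@port\..., \\host@SSL@443\... and \\?\UNC\host\...
_UNC_RE = re.compile(r"^\\\\(?:\?\\UNC\\)?([^\\@]+)(?:@[^\\]*)?(?:\\.*)?$")


def unc_host(path: str) -> Optional[str]:
    """Return the target host of a UNC/WebDAV-style path, or None for local paths."""
    m = _UNC_RE.match(path)
    return m.group(1).lower() if m else None


def is_internal_host(host: str) -> bool:
    """True for RFC 1918/loopback/link-local addresses, allowlisted DNS suffixes,
    and single-label names (which only resolve on the internal network)."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return host.endswith(INTERNAL_SUFFIXES) or "." not in host
    return any(addr in net for net in INTERNAL_NETWORKS)


def classify_reminder_path(path: str) -> str:
    """Triage one PidLidReminderFileParameter value.

    'benign' - empty or a local file path: the reminder cannot trigger SMB auth
    'review' - UNC path to an internal host: possibly legitimate, confirm it
    'high'   - UNC path to an external host: the CVE-2023-23397 exploit pattern
    """
    if not path:
        return "benign"
    host = unc_host(path)
    if host is None:
        return "benign"
    return "review" if is_internal_host(host) else "high"


def triage(paths):
    """Return (path, verdict) pairs for every value that is not benign."""
    return [(p, v) for p in paths if (v := classify_reminder_path(p)) != "benign"]


if __name__ == "__main__":
    for path, verdict in triage(SAMPLE_REMINDER_PATHS):
        print(f"{verdict:6}  {path}")
```

The WebDAV forms (host@80, host@SSL@443) matter because Outlook will also reach such paths over HTTP through the WebClient service, so a rule that only looks for plain \\host\share paths misses them; the long-path prefix \\?\UNC\ is handled for the same reason. Internal hits are kept as "review" rather than discarded because an attacker who has already compromised one internal host can point the reminder at it.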
The hackers, believed to be associated with the Russian General Staff Main Intelligence Directorate (GRU), combine exploitation of the Outlook flaw with other techniques: password-spraying attacks to obtain credentials, and modifying the folder permissions on high-value Outlook mailboxes so that access survives after the initial foothold is lost. Relations between Poland and Russia have further deteriorated, with Moscow considering Poland a "dangerous enemy," and former Russian President Dmitry Medvedev has warned of potential consequences for Poland's statehood. The Outlook flaw, patched by Microsoft in March 2023, has been exploited by Forest Blizzard for nearly a year against government agencies and the logistics, oil, defense, and transportation sectors in Poland, Ukraine, Romania, and Turkey, as reported by threat intelligence firm Mandiant.
Once inside, the hackers modify inbox permissions and use the Outlook API to exfiltrate mailbox contents, showing how a single leaked credential is turned into persistent, quiet collection. The campaign sits squarely in its geopolitical context: Poland serves as a staging ground for military aid and refugees following Russia's invasion of Ukraine. Microsoft's identification of Forest Blizzard's activity and the subsequent warning from Poland's Cyber Command emphasize the ongoing need for organizations to apply security patches promptly; for this flaw, Microsoft's guidance additionally recommends blocking outbound SMB (TCP 445) at the network edge and adding high-value accounts to the Protected Users security group so that NTLM authentication is disabled for them, and its published script for scanning Exchange mailboxes for messages with the abused reminder property can confirm whether a tenant was targeted. The attackers' continued use of a year-old, patched vulnerability underscores how persistent and adaptable state-sponsored threat actors remain, posing significant challenges for nations and entities seeking to defend against them.