The cybersecurity firm Palo Alto Networks disclosed that APT28, a Russian state-sponsored threat group, exploited a zero-click Outlook vulnerability (CVE-2023-23397) in attacks targeting around 30 organizations across 14 nations, including NATO countries. This critical vulnerability, which a crafted email message can trigger without the recipient opening it, was initially identified in March 2023 and had been exploited by APT28 for approximately 20 months. The targets, predominantly entities within NATO member countries, encompassed defense, energy, transportation, and governmental organizations. APT28 kept using the vulnerability even after the exploit became publicly known, indicating the significant value the accessed intelligence held for Russian military interests. The disclosure follows Microsoft’s recent update attributing the exploitation of CVE-2023-23397 to APT28. The group, also known as Fancy Bear among other aliases, is infamous for various cyberattacks, including the 2016 US election hacking.
About OODA Analyst
OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.