Fancy Bear allegedly exploited MS Outlook zero-day for attacks

May 8, 2024

The German and Czech governments revealed that the Russian military intelligence hacking group Fancy Bear (aka APT28) had targeted political parties and critical infrastructure as part of an espionage campaign that started last year.

The authorities stated that this campaign targeted members of the German Social Democratic Party.

Reports claimed that the Russian hackers exploited an unnamed zero-day vulnerability in Microsoft Outlook. In addition, the group targeted government IT networks, particularly in the energy supply sector, as well as private enterprises in the country's logistics, weaponry, aerospace, and IT services industries.


The Czech Republic also confirmed that the Fancy Bear group was behind the attacks on its agencies and organisations.


Recently, the Czech government confirmed that Fancy Bear was behind attacks on its critical infrastructure and businesses that used the same Outlook zero-day. The European Union and NATO condemned the attacks on European countries, called on Moscow to honour its international commitments, and denounced the hackers operating from its territory.

The European Union expressed its disappointment and said it would not tolerate the malicious cyber campaign or Russia's continued irresponsible behaviour in cyberspace.

NATO, for its part, described APT28's actions as sabotage, since the group's campaigns have already targeted several other countries, including Estonia, Lithuania, Poland, Slovakia, and Sweden.

Neither the German nor the Czech government detailed the specific Outlook vulnerability the group used. Earlier this year, US intelligence services stated that APT28 most likely used a bug patched by Microsoft in March 2023 to launch attacks on other central European countries.

The vulnerability, CVE-2023-23397, let the attackers trick Windows into handing over hashed credentials (NTLM hashes) by sending a backdated Microsoft Outlook appointment request whose reminder parameter named the sound file Outlook should play once the appointment was overdue.
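As an added example, not code from the original article or from any of the governments' reports, the following Python heuristic shows what a defender would look for in calendar items: a reminder sound parameter that points at a remote host, which is what makes Windows authenticate outward and leak a hash, combined with a reminder time already in the past so that it fires on receipt. The property names follow the MS-OXOCAL naming (PidLidReminderOverride, PidLidReminderFileParameter, PidLidReminderTime); the sample items are constructed, not captured mail.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, List, Optional
import re

# Reminder sound locations that make Windows authenticate to a remote host:
# UNC paths (\\host\share\..., including the \\?\UNC\ form) and file:// URLs
# that name a host. A local drive path or file:///C:/... stays local.
REMOTE_SOUND_PATH = re.compile(
    r"^(?:\\\\\?\\UNC\\[^\\]+\\|\\\\[^\\]+\\|//[^/]+/|file://[^/]+/)", re.IGNORECASE
)

@dataclass
class CalendarItem:
    """The few MAPI properties this check needs (names per MS-OXOCAL)."""
    subject: str
    reminder_override: bool       # PidLidReminderOverride: custom reminder settings
    reminder_file: Optional[str]  # PidLidReminderFileParameter: sound file to play
    reminder_time: datetime       # PidLidReminderTime: when the reminder fires

def is_remote_sound_path(value: str) -> bool:
    return bool(REMOTE_SOUND_PATH.match(value.strip()))

def assess(item: CalendarItem, now: datetime) -> List[str]:
    """Return the reasons an item looks like a credential-leaking reminder."""
    reasons = []
    if item.reminder_file and is_remote_sound_path(item.reminder_file):
        reasons.append("reminder sound file points to a remote host")
        if item.reminder_override:
            reasons.append("custom reminder settings enabled, so the path is honoured")
        if item.reminder_time <= now:
            reasons.append("reminder already overdue, so it fires as soon as the item is processed")
    return reasons

# Constructed sample items (hypothetical); 203.0.113.7 is a documentation address.
NOW = datetime(2023, 3, 15, 12, 0, tzinfo=timezone.utc)
SAMPLE_ITEMS = [
    CalendarItem("Team sync", True, r"C:\Windows\Media\chimes.wav",
                 datetime(2023, 3, 20, 9, 0, tzinfo=timezone.utc)),
    CalendarItem("Urgent: contract review", True, r"\\203.0.113.7\pub\alert.wav",
                 datetime(2023, 3, 1, 9, 0, tzinfo=timezone.utc)),
    CalendarItem("Lunch", False, "file:///C:/Users/Public/ding.wav",
                 datetime(2023, 3, 16, 12, 0, tzinfo=timezone.utc)),
]

def scan(items=SAMPLE_ITEMS, now=NOW) -> Dict[str, List[str]]:
    """Map each suspicious item's subject to the reasons it was flagged."""
    return {i.subject: r for i in items if (r := assess(i, now))}

if __name__ == "__main__":
    for subject, reasons in scan().items():
        print(subject, "->", "; ".join(reasons))
```

The same check, run over items exported from a mailbox, is the shape of the scan Microsoft recommended after the patch: look for the reminder file property rather than for any particular sender.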

According to a Google representative, the group's most recent operations show that it does not focus on a single party or country. Western politicians with a complicated relationship to the Russian military could therefore become prime targets for cyberespionage.

Organisations still running an unpatched version of MS Outlook should apply Microsoft's fix, since a threat group is confirmed to be actively exploiting the vulnerability.
