Microsoft says Russia responsible for hack of email accounts

Microsoft said Monday it uncovered evidence that Russia’s government is responsible for hacks of its customers’ email accounts and that it worked with the Polish authorities to repel the cyberattackers.

“Microsoft has identified a nation-state activity group tracked as Forest Blizzard (STRONTIUM), based in Russia, actively exploiting CVE-2023-23397 to provide secret, unauthorized access to email accounts within Exchange servers,” Microsoft said on its blog.

The Big Tech firm didn’t identify the victims of the Russian hackers but said Americans are in the hacking group’s crosshairs. Microsoft said the U.S. and the U.K. have linked the Forest Blizzard hackers to Russia’s military intelligence service, the GRU.

“The group Microsoft tracks as Forest Blizzard (STRONTIUM) is a Russian state-sponsored threat actor that primarily targets government, energy, transportation, and non-governmental organizations in the United States, Europe, and the Middle East,” Microsoft said.

Microsoft previously shared details of the complex breach in March, when it said hackers used the vulnerability as early as April 2022.

To prevent the hackers from exploiting the flaw now, Microsoft urged its customers to ensure their Outlook is patched and said its Microsoft Defender XDR software will help people learn if they were affected.

The Polish Cyber Command said Monday that the hacking technique was still being used by cyberattackers.

The Polish government said it has observed hackers using the vulnerability to open email inboxes by brute force and then changing permissions on individual folders to enable the hackers to scour emails.

“In cases identified by POL Cyber Command, folders permissions were modified, among others, in mailboxes that were high-value information targets for the adversary,” the Polish Cyber Command said on its website. “As a result of this change, the adversary was able to gain unauthorized access to the resources of high-value informational mailboxes through any compromised email account in the Exchange organization, using the Exchange Web Services (EWS) protocol.”
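
The folder-permission change described above is something defenders can check for. The following is an added example, not part of the original article and not Microsoft's or the Polish Cyber Command's tooling. It assumes the folder permissions have already been exported to CSV with the hypothetical columns `Mailbox`, `FolderPath`, `User` and `AccessRights`, and that organization-wide access shows up as a grant to Exchange's built-in `Default` or `Anonymous` principals. The sample rows are constructed.

```python
import csv
import io

# Built-in principals whose grants are not tied to one named user:
# Default covers every authenticated user in the organization,
# Anonymous covers unauthenticated callers.
BROAD_PRINCIPALS = {"default", "anonymous"}

# Rights that expose no item content (None, or calendar free/busy only).
HARMLESS_RIGHTS = {"none", "availabilityonly"}

# Constructed sample export (not real data); the column layout is an assumption.
SAMPLE_EXPORT = """Mailbox,FolderPath,User,AccessRights
ceo@example.org,/Inbox,Default,Owner
ceo@example.org,/Inbox,assistant@example.org,Editor
ceo@example.org,/Calendar,Default,AvailabilityOnly
ceo@example.org,/Sent Items,Anonymous,None
legal@example.org,/Inbox,Default,"ReadItems, FolderVisible"
legal@example.org,/Drafts,Default,None
"""


def risky_grants(export_text):
    """Return (mailbox, folder, principal, rights) for every folder where a
    broad principal holds anything beyond the harmless rights."""
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        principal = row["User"].strip()
        if principal.lower() not in BROAD_PRINCIPALS:
            continue  # grants to named users need a separate, per-user review
        rights = {r.strip().lower()
                  for r in row["AccessRights"].split(",") if r.strip()}
        exposed = sorted(rights - HARMLESS_RIGHTS)
        if exposed:
            findings.append((row["Mailbox"], row["FolderPath"], principal, exposed))
    return findings


if __name__ == "__main__":
    for mailbox, folder, principal, rights in risky_grants(SAMPLE_EXPORT):
        print(f"REVIEW {mailbox}{folder}: {principal} has {', '.join(rights)}")
```

A hit is a lead for review rather than proof of compromise, since some organizations deliberately share folders this way.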

Poland is far from the only Western nation teaming up with Big Tech to battle Russia. The U.S. has relied upon Microsoft and other Big Tech companies to help stop Russian cyberattackers’ advances since the invasion of Ukraine.

In February, the National Security Agency told The Washington Times that it partnered with tech firms to defend Ukraine’s networks and prevent attacks that could be waged against the U.S. government.

Threats from Russian-affiliated hackers are not limited to the war in Ukraine and the surreptitious invasion of people’s emails. Cyber groups linked to Russia and China allegedly hacked into the information technology systems of Sellafield, a hazardous nuclear site in the U.K., according to an investigation by the Guardian. The first breaches were reportedly detected in 2015 and it’s unclear if the malware was ever eradicated.