Extensive APT28 attack campaign with Outlook zero-day detailed
Russian state-sponsored threat operation APT28, also known as Fancy Bear, Fighting Ursa, and Sofacy, has targeted at least 30 organizations across 14 countries, most of which are part of NATO, as well as a NATO Rapid Deployable Corps, during the past 20 months in attacks exploiting a Microsoft Outlook vulnerability tracked as CVE-2023-23397, reports BleepingComputer.
Organizations in the energy production and distribution; material, personnel, and air transportation; and pipeline operations sectors were also subjected to such intrusions, according to a report from Palo Alto Networks' Unit 42.
While the initial attacks using the flaw as a zero-day suggested insufficient access to, and intelligence on, targeted systems, APT28's subsequent campaigns, which had no tactical modifications, indicated that the intelligence sought outweighed the risk of public discovery, said Unit 42 researchers.
"For these reasons, the organizations targeted in all three campaigns were most likely a higher than normal priority for Russian intelligence," Unit 42 added.