The NCSCC investigated cyberattacks by the russian group APT28, connected to the defence intelligence of the general staff of the ministry of defense of the russian federation
The National Cybersecurity Coordination Center at the NSDC of Ukraine has investigated attacks by the russian hacker group APT28, which actively uses the critical vulnerability CVE-2023-23397.
Among the main conclusions:
- The APT28 group has been conducting attacks using a zero-day vulnerability in the Outlook mail client for at least a year.
- During this time, the victims of the attacks included operators of gas transportation systems, private enterprises of satellite intelligence and radar systems, institutions and organizations of the Ministry of Foreign Affairs and NATO, companies developing and supplying IT solutions, etc.
- The first attack was detected in March 2022, after the start of the full-scale invasion. Since then, a number of attacks on enterprises and organizations in Europe and the Middle East using a new critical vulnerability have been recorded.
You can read the report on APT28 attacks using the CVE-2023-23397 vulnerability in detail at the link.