* . *
  • About
  • Advertise
  • Privacy & Policy
  • Contact
Thursday, June 26, 2025
Earth-News
  • Home
  • Business
  • Entertainment
    George Lopez is coming to Spokane – KXLY.com

    George Lopez is coming to Spokane – KXLY.com

    Netflix unveils Dallas immersive venue for fans of hit shows like ‘Squid Game,’ ‘Stranger Things’ – Houston Chronicle

    Step Inside Netflix’s New Dallas Immersive Experience Featuring Hits Like ‘Squid Game’ and ‘Stranger Things

    ‘Puttin’ on the Ritz’: Civic Players bring ‘Young Frankenstein’ to life – Yahoo

    Civic Players Deliver a Hilarious and Unforgettable Performance of ‘Young Frankenstein

    ‘Wheel of Fortune’: Amputee Wins $60,000 After Breaking Incredible ‘Curse’ – Hastings Tribune

    Wheel of Fortune’ Amputee Breaks Incredible ‘Curse’ to Win $60,000!

    North Star Sports & Entertainment Network: Coming soon – KTTC News

    North Star Sports & Entertainment Network: Coming soon – KTTC News

    Safety concerns in Deep Ellum create apprehension as the entertainment district gains visitors – CBS News

    Safety Concerns Surge Amid Deep Ellum’s Booming Popularity and Growing Crowds

  • General
  • Health
  • News

    Cracking the Code: Why China’s Economic Challenges Aren’t Shaking Markets, Unlike America’s” – Bloomberg

    Trump’s Narrow Window to Spread the Truth About Harris

    Trump’s Narrow Window to Spread the Truth About Harris

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Trending Tags

    • Trump Inauguration
    • United Stated
    • White House
    • Market Stories
    • Election Results
  • Science
  • Sports
  • Technology
    Frontdoor Announces Tech Expert Dr. Bala Ganesh as Chief Technology Officer – Business Wire

    Frontdoor Appoints Tech Visionary Dr. Bala Ganesh as New Chief Technology Officer

    Defense technology giant Northrop Grumman to host interviews in Iuka to fill technician roles – supertalk.fm

    Defense technology giant Northrop Grumman to host interviews in Iuka to fill technician roles – supertalk.fm

    China’s Military Introduces Mosquito-Sized Drones: A Game-Changing Surveillance Technology – Indian Defence Review

    China Unveils Mosquito-Sized Drones: Revolutionizing Surveillance Technology

    Marvell Technology Stock Rallies After AI Event Sparks Investor Optimism – Yahoo Finance

    Marvell Technology Stock Rallies After AI Event Sparks Investor Optimism – Yahoo Finance

    Promising Technology Stocks To Follow Today – June 22nd – MarketBeat

    Top Technology Stocks to Watch Today – June 22nd

    Technology Convergence Report 2025 – The World Economic Forum

    Technology Convergence Report 2025 – The World Economic Forum

    Trending Tags

    • Nintendo Switch
    • CES 2017
    • Playstation 4 Pro
    • Mark Zuckerberg
No Result
View All Result
  • Home
  • Business
  • Entertainment
    George Lopez is coming to Spokane – KXLY.com

    George Lopez is coming to Spokane – KXLY.com

    Netflix unveils Dallas immersive venue for fans of hit shows like ‘Squid Game,’ ‘Stranger Things’ – Houston Chronicle

    Step Inside Netflix’s New Dallas Immersive Experience Featuring Hits Like ‘Squid Game’ and ‘Stranger Things

    ‘Puttin’ on the Ritz’: Civic Players bring ‘Young Frankenstein’ to life – Yahoo

    Civic Players Deliver a Hilarious and Unforgettable Performance of ‘Young Frankenstein

    ‘Wheel of Fortune’: Amputee Wins $60,000 After Breaking Incredible ‘Curse’ – Hastings Tribune

    Wheel of Fortune’ Amputee Breaks Incredible ‘Curse’ to Win $60,000!

    North Star Sports & Entertainment Network: Coming soon – KTTC News

    North Star Sports & Entertainment Network: Coming soon – KTTC News

    Safety concerns in Deep Ellum create apprehension as the entertainment district gains visitors – CBS News

    Safety Concerns Surge Amid Deep Ellum’s Booming Popularity and Growing Crowds

  • General
  • Health
  • News

    Cracking the Code: Why China’s Economic Challenges Aren’t Shaking Markets, Unlike America’s” – Bloomberg

    Trump’s Narrow Window to Spread the Truth About Harris

    Trump’s Narrow Window to Spread the Truth About Harris

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Trending Tags

    • Trump Inauguration
    • United Stated
    • White House
    • Market Stories
    • Election Results
  • Science
  • Sports
  • Technology
    Frontdoor Announces Tech Expert Dr. Bala Ganesh as Chief Technology Officer – Business Wire

    Frontdoor Appoints Tech Visionary Dr. Bala Ganesh as New Chief Technology Officer

    Defense technology giant Northrop Grumman to host interviews in Iuka to fill technician roles – supertalk.fm

    Defense technology giant Northrop Grumman to host interviews in Iuka to fill technician roles – supertalk.fm

    China’s Military Introduces Mosquito-Sized Drones: A Game-Changing Surveillance Technology – Indian Defence Review

    China Unveils Mosquito-Sized Drones: Revolutionizing Surveillance Technology

    Marvell Technology Stock Rallies After AI Event Sparks Investor Optimism – Yahoo Finance

    Marvell Technology Stock Rallies After AI Event Sparks Investor Optimism – Yahoo Finance

    Promising Technology Stocks To Follow Today – June 22nd – MarketBeat

    Top Technology Stocks to Watch Today – June 22nd

    Technology Convergence Report 2025 – The World Economic Forum

    Technology Convergence Report 2025 – The World Economic Forum

    Trending Tags

    • Nintendo Switch
    • CES 2017
    • Playstation 4 Pro
    • Mark Zuckerberg
No Result
View All Result
Earth-News
No Result
View All Result
Home Technology

Fancy Bear targets Nato entities via critical Outlook flaw

December 8, 2023
in Technology
Fancy Bear targets Nato entities via critical Outlook flaw
Share on FacebookShare on Twitter

A vulnerability patched in March has likely been exploited by the Russian state actor Fancy Bear, for over two years, according to the latest intelligence

Alex Scroxton

By

Alex Scroxton,
Security Editor

Published: 08 Dec 2023 13:15

The Kremlin-backed advanced persistent threat (APT) actor known to the cyber community variously as APT28, Fighting Ursa, Forest Blizzard and most famously, Fancy Bear, may have been exploiting a critical elevation of privilege (EoP) zero-day in Microsoft Outlook much earlier and more widely than thought.

CVE-2023-23397 was officially disclosed and patched back in March 2023. It is a particularly nasty bug, exploited by sending a specially crafted email to the victim, but because it can be triggered server-side, they do not actually need to open or view it to become compromised.

A few days after that, Mandiant’s John Hultquist warned that the vulnerability had likely been exploited by Moscow against Ukrainian targets for well over 12 months. Then, earlier in December, Microsoft and Polish Cyber Command warned that exploitation of the bug was ongoing.

Now, new evidence published by the Unit 42 team at Palo Alto Networks has revealed that Fancy Bear has been using the zero-day liberally over the past 20 months, in three distinct campaigns dating from March to December of 2022 – in March of 2023, and most recently between September and October of this year, targeting least 30 organisations in 14 nations, the majority of them Nato members.

Victimology extends across multiple sectors, including energy production and distribution; pipeline operations; materiel, personal and air transport; and various government defence, foreign and internal affairs and economic ministries.

The targeted countries were Bulgaria, Czechia, Italy, Jordan, Lithuania, Luxembourg, Montenegro, Poland, Romania, Slovakia, Türkiye, Ukraine, the United Arab Emirates and the United States, as well as the Nato High Readiness Force Headquarters, which are dispersed across Europe in the UK, France, Germany, Greece, Poland and Türkiye.

Unit 42 said its discovery offered valuable insight into Russian state targeting priorities during the ongoing war in Ukraine. “Delving into more than 50 observed samples in which Fighting Ursa targeted victims with CVE-2023-23397 provides unique and informative insights into Russian military priorities during a time of international conflict for them,” the team wrote.

“Zero-day exploits by their nature are valuable commodities for APTs. Threat actors only use these exploits when the rewards associated with the access and intelligence gained outweigh the risk of public discovery of the exploit.

“Using a zero-day exploit against a target indicates it is of significant value. It also suggests that existing access and intelligence for that target were insufficient at the time.

“In the second and third campaigns, Fighting Ursa continued to use a publicly known exploit that was already attributed to them, without changing their techniques. This suggests that the access and intelligence generated by these operations outweighed the ramifications of public outing and discovery,” they said.

“For these reasons, the organisations targeted in all three campaigns were most likely a higher than normal priority for Russian intelligence.”

How CVE-2023-23397 works

CVE-2023-23397 targets Windows NT LAN Manager (NTLM), a challenge-response authentication protocol that is known to be prone to what are known as relay attacks, as a result of with Microsoft has used Kerberos as its default protocol sine Windows 2000.

Unfortunately for Microsoft users, many Microsoft systems, including Outlook, will default back to NTLM as a failsafe if Kerberos is not feasible.

In the exploitation chain, a vulnerable or misconfigured Outlook instance receives a specially crafted email and sends NTLM authentication message to a remote file share controlled by Fancy Bear. It receives back an NTLMv2 hash which the APT then uses to impersonate the victim and gain access to their network.

Kennet Harpsøe, Logpoint senior cyber analyst, commented: “Given the overall political situation the described attack should not come as a surprise for anyone…NTLM is ancient and depreciated. The modern replacement is Kerberos [which] is standard even in Windows networks, but NTLM is used as a fall back and is thus still widely used despites its numerous and well-known security flaws. 

“If you can, disable NTLM in your AD, and if you cannot, make sure to monitor the NTLM traffic on your network. Are new users all of a sudden using NTLM authentication all the time? NTLM authentication requests should normally not be leaving your network. If they do, it should be thoroughly investigated. Track all NTLM replay attempts in your network from your AD log,” he said. 

“Enforce Signing (SMB/LDAP) and Extended Protection for Authentication (EPA) for all relevant servers, like domain controllers and email servers, to defeat most replay attacks. 

Added Harpsøe: “Finally, one wonders why it is still not standard to encrypt emails at rest, with keys private to the recipients. PGP has been around for a long time. It’s not much fun stealing emails if you can’t read them!”

Busy bears

Unit 42’s latest disclosure about the extent of malicious Russian cyber activity comes in the wake of major new intelligence published yesterday by the UK’s National Cyber Security Centre (NCSC) and partner agencies in which a campaign of cyber attacks on the British political process was firmly attributed to a Federal Security Service (FSB) group called Star Blizzard, but also tracked as Cold River and Seaborgium among other names.

The government judges this campaign to be so serious in its nature that it yesterday summoned the Russian ambassador to account for it, and placed two named individuals, including an FSB agent, on the UK’s financial sanctions list over their involvement in an attack on a prominent thinktank.

Star Blizzard is known to be run by the FSB’s Centre 18 unit, whereas Fancy Bear is more likely controlled by the General Staff Main Intelligence Directorate (GRU) 85th special Service Centre’s (GTsSS) Unit 26165 unit.

While both the FSB and GRU are successor units to the Soviet-era KGB beloved by generations of spy fiction writers, the FSB is responsible for counter-intelligence, state security and intelligence gathering outside Russia’s borders, and reports directly to Vladimir Putin.

The GRU, meanwhile, is the primary intelligence service of the Russian Armed Services, and unlike the FSB is ultimately subordinate to Moscow’s military command structure. The GRU is considered to be Russia’s largest intelligence service, and it also controls the country’s infamous Spetsnaz special forces.

Formed during the Cold War, the Spetsnaz saw action during the Prague Spring of 1968 and the Soviet invasion of Afghanistan. More recently they were the so-called Little Green Men seen in Crimea prior to its illegal annexation from Ukraine in 2014, and have participated in various actions on Ukrainian soil since February 2022, including sabotage against key targets, and potentially assassination attempts against Ukrainian president Volodymyr Zelensky.

Read more on Hackers and cybercrime prevention


Fancy Bear hackers still exploiting Microsoft Exchange flaw

ArielleWaldman

By: Arielle Waldman


Patch Tuesday: Microsoft fixes zero-days in Word and Streaming Service

AlexScroxton

By: Alex Scroxton


Akamai bypasses mitigation for critical Microsoft Outlook flaw

ArielleWaldman

By: Arielle Waldman


Mandiant: Dangerous MS Outlook zero-day widely used against Ukraine

AlexScroxton

By: Alex Scroxton

>>> Read full article>>>
Copyright for syndicated content belongs to the linked Source : Computer Weekly – https://www.computerweekly.com/news/366562615/Fancy-Bear-targets-Nato-entities-via-critical-Outlook-flaw

Tags: Fancytargetstechnology
Previous Post

AMD goes after Nvidia with AI accelerator and software library

Next Post

Former Post Office investigator called subpostmaster campaigners ‘crooks’

Vanderburgh County Health Department Takes Bold Action Against Vaccine Hesitancy

June 26, 2025
Why Trump needs the world to believe Iran’s nuclear program is ‘obliterated’ – CNN

Why Trump Wants the World to Believe Iran’s Nuclear Program Is Completely Destroyed

June 26, 2025
House panel wrangles on rail safety technology – FreightWaves

House Panel Sparks Debate Over the Future of Rail Safety Technology

June 26, 2025
The Desert Sun unveils its Top Spring Athletes: History-makers and record-breakers – The Desert Sun

Meet This Spring’s Top Athletes: History-Makers and Record-Breakers Revealed!

June 26, 2025
HUD to move into the National Science Foundation headquarters, no current plan on where to relocate NSF employees – Government Executive

HUD to move into the National Science Foundation headquarters, no current plan on where to relocate NSF employees – Government Executive

June 25, 2025

Protecting the Boundless Future of U.S. Science: Tackling Tomorrow’s Challenges Today

June 25, 2025
LVMH’s Paris Olympics partnership wins Luxury and Lifestyle Grand Prix – Ad Age

LVMH Shines Bright with Luxury and Lifestyle Victory at Paris Olympics Partnership

June 25, 2025
Why the Strait of Hormuz, A Vital Oil Route, Is Vulnerable to Israel-Iran Conflict – The New York Times

Why the Strait of Hormuz, A Vital Oil Route, Is Vulnerable to Israel-Iran Conflict – The New York Times

June 25, 2025
Dying honey bees are threatening California’s economy. Can Central Valley lawmakers save them? – CalMatters

Dying honey bees are threatening California’s economy. Can Central Valley lawmakers save them? – CalMatters

June 25, 2025
Butler launches sports, entertainment institute focused on local events – Inside INdiana Business

Butler Launches Exciting New Sports and Entertainment Institute Spotlighting Local Events

June 25, 2025

Categories

Archives

June 2025
MTWTFSS
 1
2345678
9101112131415
16171819202122
23242526272829
30 
« May    
Earth-News.info

The Earth News is an independent English-language daily published Website from all around the World News

Browse by Category

  • Business (20,132)
  • Ecology (698)
  • Economy (717)
  • Entertainment (21,612)
  • General (15,568)
  • Health (9,757)
  • Lifestyle (722)
  • News (22,149)
  • People (719)
  • Politics (725)
  • Science (15,935)
  • Sports (21,214)
  • Technology (15,702)
  • World (697)

Recent News

Vanderburgh County Health Department Takes Bold Action Against Vaccine Hesitancy

June 26, 2025
Why Trump needs the world to believe Iran’s nuclear program is ‘obliterated’ – CNN

Why Trump Wants the World to Believe Iran’s Nuclear Program Is Completely Destroyed

June 26, 2025
  • About
  • Advertise
  • Privacy & Policy
  • Contact

© 2023 earth-news.info

No Result
View All Result

© 2023 earth-news.info

No Result
View All Result

© 2023 earth-news.info

Go to mobile version