* . *
  • About
  • Advertise
  • Privacy & Policy
  • Contact
Tuesday, June 3, 2025
Earth-News
  • Home
  • Business
  • Entertainment
    Salem’s Harborwalk Garden Cultivates Community with Entertainment, Food, and Events – 105.7 WROR

    Discover the Vibrant Community Spirit at Salem’s Harborwalk Garden: A Hub for Entertainment, Food, and Fun!

    Entertainment-Focused Narrative and Culture Change Practice – New America

    Transforming Culture Through Engaging Entertainment Narratives

    Rising stars: Young classical musicians surging on social media – Yahoo

    Meet the Next Generation of Classical Music Sensations Making Waves on Social Media!

    Devin Harjes Dies: ‘Manifest’ & ‘Boardwalk Empire’ Actor Was 41 – WyomingNews.com

    Tragic Loss: Devin Harjes, Star of ‘Manifest’ and ‘Boardwalk Empire,’ Passes Away at 41

    Why Starz Entertainment Stock Soared Today – The Motley Fool

    Unpacking the Surge: What Fueled Starz Entertainment’s Stock Explosion Today!

    Unveiling the Enigmatic: First Looks at Destruction and Puck in ‘The Sandman

  • General
  • Health
  • News

    Cracking the Code: Why China’s Economic Challenges Aren’t Shaking Markets, Unlike America’s” – Bloomberg

    Trump’s Narrow Window to Spread the Truth About Harris

    Trump’s Narrow Window to Spread the Truth About Harris

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Trending Tags

    • Trump Inauguration
    • United Stated
    • White House
    • Market Stories
    • Election Results
  • Science
  • Sports
  • Technology
    Finland Set to Lead EU Quantum Technology Defense Project – IoT World Today

    Finland Set to Lead EU Quantum Technology Defense Project – IoT World Today

    AI for lawyers: Win back your time using technology – nationaljurist.com

    Reclaim Your Time: How AI is Transforming the Legal Profession

    Prosecutors accuse men of exporting U.S. military technology to China – Milwaukee Journal Sentinel

    Men Charged with Illegally Exporting U.S. Military Technology to China

    ROLAND’S NEW WIRELESS TRIGGER TECHNOLOGY, PORTER & DAVIES ON TOUR, NEW 64 AUDIO ASPIRE UNIVERSAL IEM MODELS, WAVES FREE PLUGIN PACK – Modern Drummer Magazine

    ROLAND’S NEW WIRELESS TRIGGER TECHNOLOGY, PORTER & DAVIES ON TOUR, NEW 64 AUDIO ASPIRE UNIVERSAL IEM MODELS, WAVES FREE PLUGIN PACK – Modern Drummer Magazine

    This giant microwave may change the future of war – MIT Technology Review

    Revolutionizing Warfare: The Impact of a Game-Changing Giant Microwave

    Bajeed Pattan Joins Forbes Technology Council as Innovation Leader – PRWeb

    Bajeed Pattan Takes the Helm as Innovation Leader at Forbes Technology Council!

    Trending Tags

    • Nintendo Switch
    • CES 2017
    • Playstation 4 Pro
    • Mark Zuckerberg
No Result
View All Result
  • Home
  • Business
  • Entertainment
    Salem’s Harborwalk Garden Cultivates Community with Entertainment, Food, and Events – 105.7 WROR

    Discover the Vibrant Community Spirit at Salem’s Harborwalk Garden: A Hub for Entertainment, Food, and Fun!

    Entertainment-Focused Narrative and Culture Change Practice – New America

    Transforming Culture Through Engaging Entertainment Narratives

    Rising stars: Young classical musicians surging on social media – Yahoo

    Meet the Next Generation of Classical Music Sensations Making Waves on Social Media!

    Devin Harjes Dies: ‘Manifest’ & ‘Boardwalk Empire’ Actor Was 41 – WyomingNews.com

    Tragic Loss: Devin Harjes, Star of ‘Manifest’ and ‘Boardwalk Empire,’ Passes Away at 41

    Why Starz Entertainment Stock Soared Today – The Motley Fool

    Unpacking the Surge: What Fueled Starz Entertainment’s Stock Explosion Today!

    Unveiling the Enigmatic: First Looks at Destruction and Puck in ‘The Sandman

  • General
  • Health
  • News

    Cracking the Code: Why China’s Economic Challenges Aren’t Shaking Markets, Unlike America’s” – Bloomberg

    Trump’s Narrow Window to Spread the Truth About Harris

    Trump’s Narrow Window to Spread the Truth About Harris

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Trending Tags

    • Trump Inauguration
    • United Stated
    • White House
    • Market Stories
    • Election Results
  • Science
  • Sports
  • Technology
    Finland Set to Lead EU Quantum Technology Defense Project – IoT World Today

    Finland Set to Lead EU Quantum Technology Defense Project – IoT World Today

    AI for lawyers: Win back your time using technology – nationaljurist.com

    Reclaim Your Time: How AI is Transforming the Legal Profession

    Prosecutors accuse men of exporting U.S. military technology to China – Milwaukee Journal Sentinel

    Men Charged with Illegally Exporting U.S. Military Technology to China

    ROLAND’S NEW WIRELESS TRIGGER TECHNOLOGY, PORTER & DAVIES ON TOUR, NEW 64 AUDIO ASPIRE UNIVERSAL IEM MODELS, WAVES FREE PLUGIN PACK – Modern Drummer Magazine

    ROLAND’S NEW WIRELESS TRIGGER TECHNOLOGY, PORTER & DAVIES ON TOUR, NEW 64 AUDIO ASPIRE UNIVERSAL IEM MODELS, WAVES FREE PLUGIN PACK – Modern Drummer Magazine

    This giant microwave may change the future of war – MIT Technology Review

    Revolutionizing Warfare: The Impact of a Game-Changing Giant Microwave

    Bajeed Pattan Joins Forbes Technology Council as Innovation Leader – PRWeb

    Bajeed Pattan Takes the Helm as Innovation Leader at Forbes Technology Council!

    Trending Tags

    • Nintendo Switch
    • CES 2017
    • Playstation 4 Pro
    • Mark Zuckerberg
No Result
View All Result
Earth-News
No Result
View All Result
Home Technology

Fancy Bear targets Nato entities via critical Outlook flaw

December 8, 2023
in Technology
Fancy Bear targets Nato entities via critical Outlook flaw
Share on FacebookShare on Twitter

A vulnerability patched in March has likely been exploited by the Russian state actor Fancy Bear, for over two years, according to the latest intelligence

Alex Scroxton

By

Alex Scroxton,
Security Editor

Published: 08 Dec 2023 13:15

The Kremlin-backed advanced persistent threat (APT) actor known to the cyber community variously as APT28, Fighting Ursa, Forest Blizzard and most famously, Fancy Bear, may have been exploiting a critical elevation of privilege (EoP) zero-day in Microsoft Outlook much earlier and more widely than thought.

CVE-2023-23397 was officially disclosed and patched back in March 2023. It is a particularly nasty bug, exploited by sending a specially crafted email to the victim, but because it can be triggered server-side, they do not actually need to open or view it to become compromised.

A few days after that, Mandiant’s John Hultquist warned that the vulnerability had likely been exploited by Moscow against Ukrainian targets for well over 12 months. Then, earlier in December, Microsoft and Polish Cyber Command warned that exploitation of the bug was ongoing.

Now, new evidence published by the Unit 42 team at Palo Alto Networks has revealed that Fancy Bear has been using the zero-day liberally over the past 20 months, in three distinct campaigns dating from March to December of 2022 – in March of 2023, and most recently between September and October of this year, targeting least 30 organisations in 14 nations, the majority of them Nato members.

Victimology extends across multiple sectors, including energy production and distribution; pipeline operations; materiel, personal and air transport; and various government defence, foreign and internal affairs and economic ministries.

The targeted countries were Bulgaria, Czechia, Italy, Jordan, Lithuania, Luxembourg, Montenegro, Poland, Romania, Slovakia, Türkiye, Ukraine, the United Arab Emirates and the United States, as well as the Nato High Readiness Force Headquarters, which are dispersed across Europe in the UK, France, Germany, Greece, Poland and Türkiye.

Unit 42 said its discovery offered valuable insight into Russian state targeting priorities during the ongoing war in Ukraine. “Delving into more than 50 observed samples in which Fighting Ursa targeted victims with CVE-2023-23397 provides unique and informative insights into Russian military priorities during a time of international conflict for them,” the team wrote.

“Zero-day exploits by their nature are valuable commodities for APTs. Threat actors only use these exploits when the rewards associated with the access and intelligence gained outweigh the risk of public discovery of the exploit.

“Using a zero-day exploit against a target indicates it is of significant value. It also suggests that existing access and intelligence for that target were insufficient at the time.

“In the second and third campaigns, Fighting Ursa continued to use a publicly known exploit that was already attributed to them, without changing their techniques. This suggests that the access and intelligence generated by these operations outweighed the ramifications of public outing and discovery,” they said.

“For these reasons, the organisations targeted in all three campaigns were most likely a higher than normal priority for Russian intelligence.”

How CVE-2023-23397 works

CVE-2023-23397 targets Windows NT LAN Manager (NTLM), a challenge-response authentication protocol that is known to be prone to what are known as relay attacks, as a result of with Microsoft has used Kerberos as its default protocol sine Windows 2000.

Unfortunately for Microsoft users, many Microsoft systems, including Outlook, will default back to NTLM as a failsafe if Kerberos is not feasible.

In the exploitation chain, a vulnerable or misconfigured Outlook instance receives a specially crafted email and sends NTLM authentication message to a remote file share controlled by Fancy Bear. It receives back an NTLMv2 hash which the APT then uses to impersonate the victim and gain access to their network.

Kennet Harpsøe, Logpoint senior cyber analyst, commented: “Given the overall political situation the described attack should not come as a surprise for anyone…NTLM is ancient and depreciated. The modern replacement is Kerberos [which] is standard even in Windows networks, but NTLM is used as a fall back and is thus still widely used despites its numerous and well-known security flaws. 

“If you can, disable NTLM in your AD, and if you cannot, make sure to monitor the NTLM traffic on your network. Are new users all of a sudden using NTLM authentication all the time? NTLM authentication requests should normally not be leaving your network. If they do, it should be thoroughly investigated. Track all NTLM replay attempts in your network from your AD log,” he said. 

“Enforce Signing (SMB/LDAP) and Extended Protection for Authentication (EPA) for all relevant servers, like domain controllers and email servers, to defeat most replay attacks. 

Added Harpsøe: “Finally, one wonders why it is still not standard to encrypt emails at rest, with keys private to the recipients. PGP has been around for a long time. It’s not much fun stealing emails if you can’t read them!”

Busy bears

Unit 42’s latest disclosure about the extent of malicious Russian cyber activity comes in the wake of major new intelligence published yesterday by the UK’s National Cyber Security Centre (NCSC) and partner agencies in which a campaign of cyber attacks on the British political process was firmly attributed to a Federal Security Service (FSB) group called Star Blizzard, but also tracked as Cold River and Seaborgium among other names.

The government judges this campaign to be so serious in its nature that it yesterday summoned the Russian ambassador to account for it, and placed two named individuals, including an FSB agent, on the UK’s financial sanctions list over their involvement in an attack on a prominent thinktank.

Star Blizzard is known to be run by the FSB’s Centre 18 unit, whereas Fancy Bear is more likely controlled by the General Staff Main Intelligence Directorate (GRU) 85th special Service Centre’s (GTsSS) Unit 26165 unit.

While both the FSB and GRU are successor units to the Soviet-era KGB beloved by generations of spy fiction writers, the FSB is responsible for counter-intelligence, state security and intelligence gathering outside Russia’s borders, and reports directly to Vladimir Putin.

The GRU, meanwhile, is the primary intelligence service of the Russian Armed Services, and unlike the FSB is ultimately subordinate to Moscow’s military command structure. The GRU is considered to be Russia’s largest intelligence service, and it also controls the country’s infamous Spetsnaz special forces.

Formed during the Cold War, the Spetsnaz saw action during the Prague Spring of 1968 and the Soviet invasion of Afghanistan. More recently they were the so-called Little Green Men seen in Crimea prior to its illegal annexation from Ukraine in 2014, and have participated in various actions on Ukrainian soil since February 2022, including sabotage against key targets, and potentially assassination attempts against Ukrainian president Volodymyr Zelensky.

Read more on Hackers and cybercrime prevention


Fancy Bear hackers still exploiting Microsoft Exchange flaw

ArielleWaldman

By: Arielle Waldman


Patch Tuesday: Microsoft fixes zero-days in Word and Streaming Service

AlexScroxton

By: Alex Scroxton


Akamai bypasses mitigation for critical Microsoft Outlook flaw

ArielleWaldman

By: Arielle Waldman


Mandiant: Dangerous MS Outlook zero-day widely used against Ukraine

AlexScroxton

By: Alex Scroxton

>>> Read full article>>>
Copyright for syndicated content belongs to the linked Source : Computer Weekly – https://www.computerweekly.com/news/366562615/Fancy-Bear-targets-Nato-entities-via-critical-Outlook-flaw

Tags: Fancytargetstechnology
Previous Post

AMD goes after Nvidia with AI accelerator and software library

Next Post

Former Post Office investigator called subpostmaster campaigners ‘crooks’

Plan to control nonpoint sources of pollution – Washington State Department of Ecology (.gov)

Taking Charge: Strategies to Tackle Nonpoint Source Pollution in Washington State

June 3, 2025
The Uncertain and Shifting Future of Ph.D.s in Science – Undark Magazine

Navigating the Unpredictable Future of Science Ph.D.s: Challenges and Opportunities Ahead

June 3, 2025
‘Sport Science’ host John Brenkus dies after battle with depression – ABC News

‘Sport Science’ host John Brenkus dies after battle with depression – ABC News

June 3, 2025
Cost of ‘minimum retirement lifestyle’ has fallen amid lower energy prices – London Evening Standard

Affordable Retirement: How Lower Energy Prices Are Redefining Minimum Lifestyle Costs

June 3, 2025
Opinion | Poland Just Sent an Ominous Signal to the World – The New York Times

Poland’s Alarming Message to the Global Community

June 3, 2025
Report ranks Iowa as state with the worst economy – KCRG

Report ranks Iowa as state with the worst economy – KCRG

June 3, 2025
Salem’s Harborwalk Garden Cultivates Community with Entertainment, Food, and Events – 105.7 WROR

Discover the Vibrant Community Spirit at Salem’s Harborwalk Garden: A Hub for Entertainment, Food, and Fun!

June 3, 2025
18 High-Protein Breakfasts for Better Gut Health – EatingWell

Boost Your Gut Health with These 18 Delicious High-Protein Breakfasts!

June 3, 2025
Diagnosis for 6.2.25: Checking the pulse of Florida health care news and policy – Florida Politics

Diagnosis for 6.2.25: Checking the pulse of Florida health care news and policy – Florida Politics

June 3, 2025
Finland Set to Lead EU Quantum Technology Defense Project – IoT World Today

Finland Set to Lead EU Quantum Technology Defense Project – IoT World Today

June 3, 2025

Categories

Archives

June 2025
MTWTFSS
 1
2345678
9101112131415
16171819202122
23242526272829
30 
« May    
Earth-News.info

The Earth News is an independent English-language daily published Website from all around the World News

Browse by Category

  • Business (20,132)
  • Ecology (662)
  • Economy (676)
  • Entertainment (21,582)
  • General (15,258)
  • Health (9,719)
  • Lifestyle (679)
  • News (22,149)
  • People (677)
  • Politics (685)
  • Science (15,897)
  • Sports (21,181)
  • Technology (15,663)
  • World (664)

Recent News

Plan to control nonpoint sources of pollution – Washington State Department of Ecology (.gov)

Taking Charge: Strategies to Tackle Nonpoint Source Pollution in Washington State

June 3, 2025
The Uncertain and Shifting Future of Ph.D.s in Science – Undark Magazine

Navigating the Unpredictable Future of Science Ph.D.s: Challenges and Opportunities Ahead

June 3, 2025
  • About
  • Advertise
  • Privacy & Policy
  • Contact

© 2023 earth-news.info

No Result
View All Result

© 2023 earth-news.info

No Result
View All Result

© 2023 earth-news.info

Go to mobile version