A security hole in Microsoft Outlook that was discovered early last year was used to attack certain unidentified businesses in the Czech Republic, according to a statement from the Ministry of Foreign Affairs (MFA) of the Czech Republic.
"Cyber attacks targeting political entities, state institutions and critical infrastructure are not only a threat to national security, but also disrupt the democratic processes on which our free society is based," according to the MFA.
Apart from the Czech Republic, Germany also revealed that it was the target of a long-term cyber espionage campaign conducted by the Russia-linked nation-state actor known as APT28, drawing condemnation from the European Union (E.U.), the North Atlantic Treaty Organization (NATO), the U.K., and the U.S.
The threat actor was linked by Germany's Federal Government, or Bundesregierung, to a cyberattack that targeted the Social Democratic Party's Executive Committee and used the same Outlook vulnerability for a "relatively long period," allowing it to "compromise numerous email accounts."
The campaign targets a number of industry verticals, including associations, foundations, the air and space industry, armaments, logistics, and IT services, with locations in Germany, Ukraine, and Europe. The Bundesregierung also links the group to the 2015 attack on the German federal parliament (Bundestag).
APT28, also known under other aliases such as BlueDelta, Fancy Bear, Forest Blizzard (formerly Strontium), FROZENLAKE, Iron Twilight, Pawn Storm, Sednit, Sofacy, and TA422, is assessed to be associated with Military Unit 26165 of the Russian Federation's military intelligence agency GRU.
"Recent activity by Russian GRU cyber group APT28, including the targeting of the German Social Democratic Party executive, is the latest in a known pattern of behavior by the Russian Intelligence Services to undermine democratic processes across the globe," the government of the United Kingdom stated.
APT28 is notorious for its "malicious, nefarious, destabilizing, and disruptive behavior," according to the U.S. Department of State, which also stated that the United States is dedicated to "upholding the rules-based international order, including in cyberspace" and the "security of our allies and partners."
According to NATO as well, Russia's hybrid efforts "constitute a threat to Allied security." In response, the European Union Council said that the "malicious cyber campaign shows Russia's continuous pattern of irresponsible behavior in cyberspace."
Source: The Hacker News