159 views 16 secs 0 comments

Russian state-sponsored hackers exploiting Outlook vulnerability, Microsoft warns

Russian state-sponsored hackers exploiting Outlook vulnerability, Microsoft warns

Cybernews reports:

Microsoft is urging Outlook users to patch and update their systems to mitigate a new threat from Russia. Hackers associated with the Kremlin’s military intelligence agency GRU are exploiting the vulnerability to access victim’s emails.

Microsoft warned that a nation-state actor tracked as Forest Blizzard is actively exploiting a vulnerability to provide secret, unauthorized access to email accounts within Exchange servers. The US and the UK have linked this gang to the Main Intelligence Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU).

No user interaction is required for hackers to modify folder permissions within the victim’s mailbox, according to Polish Cyber ​​Command, which partnered with Microsoft in the investigation of the attacks. The threat actors employ a specially crafted message, a reminder, which triggers a password hash leak to the hacker’s servers when Outlook is open.

Read more at Cybernews.