Russian hackers target EU countries through a simple security flaw in Microsoft Outlook

We now know how APT28, a known Russian state-sponsored threat actor, managed to compromise multiple email accounts of the Executive Committee of the German Social Democratic Party in 2022 – via a security flaw in Microsoft Outlook.

The German federal government said APT28 exploited a vulnerability in Microsoft Outlook, tracked as CVE-2023-23397, to compromise the accounts.

The hackers targeted government, military, energy and transportation organizations, in countries that are part of both the European Union and NATO, as well as Ukrainian government agencies and NATO’s Rapid Response Corps.

Disrupting the Russian campaigns

Germany, the Czech Republic, NATO and the European Union came together to detail APT28’s activities over the past few years, calling them “intolerable and unacceptable.”

“Russian state hackers attacked Germany in cyberspace. This is absolutely intolerable and unacceptable and will have consequences,” added German Foreign Minister Annalena Baerbock.

At the same time, the government of the Czech Republic confirmed that it suffered the same fate in 2023. “The Czech Republic is deeply concerned about these repeated cyber attacks by state actors. We are committed to responding strongly to this unacceptable behavior together with our European and international partners,” the Czech Ministry of Foreign Affairs said.

The EU, NATO, US and UK have all formally condemned APT28’s attacks.

“We call on Russia to stop these malicious activities and abide by its international obligations,” the US State Department said in a written statement.

“Together with the EU and our NATO allies, we will continue to take action to disrupt Russia’s cyber activities, protect our citizens and foreign partners, and hold malicious actors accountable.”

Over the past fifteen years, Russia has waged wars against its neighbors, somehow gaining control of the territory around the Black Sea. In 2008 it targeted Georgia and to this day it retains, according to the European Court of Human Rights, “direct control” over the separatist regions of South Ossetia and Abkhazia (on the Black Sea). This was also the first war ever in which cyber warfare coincided with military action.

In 2014, the country occupied Crimea before, almost a decade later, occupying parts of eastern Ukraine, also on the Black Sea. Cyber warfare played a central role in both episodes of the conflict.

Via BleepingComputer
