Microsoft says Russia responsible for hack of email accounts

Microsoft said Monday it uncovered evidence that Russia‘s government is responsible for hacks of its customers’ email accounts and it worked with the Polish government to repel the cyberattackers.

Microsoft has identified a nation-state activity group tracked as Forest Blizzard (STRONTIUM), based in Russia, actively exploiting CVE-2023-23397 to provide secret, unauthorized access to email accounts within Exchange servers,” Microsoft said on its blog.

The Big Tech company did not identify the victims of the Russian hackers but said Americans are in the hacking group’s crosshairs. Microsoft said the U.S. and the U.K. have linked the Forest Blizzard hackers to Russia‘s military intelligence service, the GRU.

“The group Microsoft tracks as Forest Blizzard (STRONTIUM) is a Russian state-sponsored threat actor that primarily targets government, energy, transportation, and non-governmental organizations in the United States, Europe, and the Middle East,” Microsoft said.

Microsoft previously shared details of the complex breach in March, when it said hackers used the vulnerability as early as April 2022.

To prevent the hackers from exploiting the flaw now, Microsoft urged its customers to ensure their Outlook is patched and said its Microsoft Defender XDR software will help people learn if they were affected.

The Polish Cyber Command said Monday that the hacking technique was still being used by cyberattackers.

The Polish government said it has observed hackers using the vulnerability to open email inboxes by brute force and then changing permissions on individual folders to enable the hackers to scour emails.

“In cases identified by POL Cyber Command, folders permissions were modified, among others, in mailboxes that were high-value information targets for the adversary,” the Polish Cyber Command said on its website. “As a result of this change, the adversary was able to gain unauthorized access to the resources of high-value informational mailboxes through any compromised email account in the Exchange organization, using the Exchange Web Services (EWS) protocol.”

Poland is far from the only Western nation teaming up with Big Tech to battle Russia. The U.S. has relied upon Microsoft and other Big Tech companies to help stop Russian cyberattackers’ advances since the invasion of Ukraine.

In February, the National Security Agency told The Washington Times that it partnered with tech companies to defend Ukraine’s networks and prevent attacks that could be waged against the U.S. government.

Threats from Russian-affiliated hackers are not limited to the war in Ukraine and the surreptitious invasion of people’s emails. Cyber groups linked to Russia and China allegedly hacked into the information technology systems of Sellafield, a hazardous nuclear site in the U.K., according to an investigation by the Guardian. The first breaches were reportedly detected in 2015 and it is unclear if the malware was ever eliminated.

Source: WT