Global NTLM relay attacks deployed by APT28

Between April 2022 and November 2023, the Russian state-backed threat operation APT28, also known as Fancy Bear, BlueDelta, Pawn Storm, and Forest Blizzard, targeted high-profile organizations around the world with NTLM v2 hash relay attacks, according to The Hacker News. APT28 has leveraged the critical Microsoft Outlook privilege escalation vulnerability, tracked as CVE-2023-23397, and the high-severity WinRAR code execution flaw, tracked as CVE-2023-38831, to facilitate NTLM relay attacks aimed at compromising organizations’ mailboxes, a report from Trend Micro researchers revealed.

Source: SC Magazine

 

