Between April and December 2022, cybercriminals close to the Russian army gained access to the networks of nearly fifteen European military, logistics and energy organizations.
It was a hitherto unknown flaw. By infiltrating through Microsoft email software, Russian hackers gained access to the networks of European organizations. Active in the military, transport or energy fields, these entities only recently learned of this espionage.
Microsoft informed its customers in a report that the American media CNN was able to consult, and discovered by the specialized site Bleeping Computer. The IT giant has publicly disclosed the vulnerabilities in its Outlook email software, prompting its customers to perform an update.
“Microsoft released a security update…in March to help keep our customers safe and protected,” a spokesperson said in an emailed statement. According to him, “customers who apply this update or who have activated automatic updates are already protected”.
Privately, the company acknowledged that “less than 15” organizations were targeted or hacked by Russian hackers, close to the army. Nevertheless, the attacks benefited from a security breach in Microsoft’s software between April and December 2022.
The technique used in the cyberattacks was to send malicious notes and tasks to Outlook. This allowed the stealing of the NTLM hash pattern (an encryption protocol). Once recovered, the hackers forced the targeted devices to authenticate to shared networks they controlled. This gave them access to information.
Cybersecurity experts and American officials explain that the European entities targeted were part of the support of the Ukrainian forces, indicates CNN. According to them, internal networks have been scrutinized for intelligence that could provide an advantage both militarily – directly on the battlefield – and geopolitically.
