KRITIS: Outlook zero-day vulnerability exploited for months
Mandiant experts believe that the Outlook zero-day vulnerability (CVE-2023-23397) has been used in Organization and Critical Infrastructure (KRITIS) attacks for almost 12 months and was also used by Russian actors in the Ukraine attack. Mandiant has tracked and documented early exploitation of the vulnerability under the tentative group name UNC4697. The attacks have now been publicly attributed to APT28, a Russian actor associated with the GRU secret service. The vulnerability has been deployed against government agencies, logistics companies, oil and gas operators, defense contractors, and the transport industry in Poland, Ukraine, Romania, and Turkey since April 2022. Outlook vulnerability…