Microsoft has warned that Russian APT actors exploited a zero-day vulnerability in Outlook as early as April 2022, and has urged organizations to hunt for signs of compromise. The vulnerability, tracked as CVE-2023-23397, was marked as already exploited when Microsoft recently released a fix. Microsoft has attributed the attacks to Russian government-level hackers targeting government, transportation, energy, and military organizations in Europe. Because exploitation of the critical-severity bug can leave very few forensic artifacts, an in-depth and comprehensive threat hunting strategy is important for identifying nation-state hacking teams. Microsoft has published threat-hunting tips and guidance, as well as a CVE-2023-23397 detection script, and has urged organizations to prioritize deploying the update, because the flaw can be exploited before the email is viewed in the Preview Pane.
To mitigate these potential threats, it is important to implement additional cybersecurity measures with the help of a trusted partner like INFRA (www.infrascan.net).
Source: SecurityWeek