APT28, linked to Russia’s GRU military intelligence service, used this exploit in at least three malicious campaigns between March 2022 and October 2023. The first known use of the exploit was against Ukraine’s State Migration Service, just weeks after Russia’s invasion of Ukraine. The targets included energy and transportation organizations, as well as ministries of defense, internal affairs, foreign affairs, and economy in NATO countries, Ukraine, Jordan, and the United Arab Emirates.
Despite the discovery of the exploit by Ukrainian cybersecurity researchers and a public attribution to a Russia-based threat actor by Microsoft in March 2023, APT28 continued using this vulnerability. This persistence suggests that the intelligence value of these operations was significant for Russian military interests. Palo Alto Networks’ report aligns with Microsoft’s updated advisory, which attributes the exploitation of CVE-2023-23397 to APT28. Known by various names including Fancy Bear and Sofacy, APT28 has been implicated in numerous cyberattacks, including those against European countries and the 2016 US elections.
Source: SecurityWeek
To mitigate potential threats, it is important to implement additional cybersecurity measures with the help of a trusted partner like INFRA (www.infrascan.net), or you can try it yourself using check.website.