We now know how APT28, a known Russian state-sponsored threat actor, managed to compromise multiple email accounts belonging to the Executive Committee of the German Social Democratic Party back in 2022 – it was via a security flaw in Microsoft Outlook.
The German Federal Government said APT28 abused a vulnerability in Microsoft Outlook, tracked as CVE-2023-23397, to compromise the accounts.
The hackers targeted government, military, energy and transportation organizations, in countries part of both the European Union and NATO, as well as Ukrainian government agencies, and NATO fast reaction corps.
