State-sponsored hackers are actively exploiting an Outlook vulnerability, CVE-2023-23397, to hijack Microsoft Exchange accounts and steal sensitive information.
Microsoft has identified a Russia-based nation-state activity group, tracked as Forest Blizzard (STRONTIUM), that is actively exploiting CVE-2023-23397 to gain access to email accounts on Exchange servers.
The hackers have targeted organizations in the United States, Europe, and the Middle East.
The vulnerability allows attackers to steal NTLM hashes, which can be used to gain unauthorized access to Exchange servers.
Microsoft patched the vulnerability in March 2023, but many organizations have not yet applied the patch.