MORE FROM FORBES Has Amazon's Ring Been Hacked? Ransomware Gang Posts Threat To Leak Data By Davey Winder What do you need to do now? In order to exploit CVE-2023-23397, which Mandiant says is 'trivial' to execute, an attacker needs to send a malicious email with an "extended MAPI property that contains a UNC path to SMB (TCP 445) share on an attacker-controlled server." This kicks off what is known as a 'Pass the Hash' attack, but in this case, is triggered upon receipt of the email by an unpatched Outlook client, without the target even viewing it. Indeed, Mandiant says that it "anticipates broad, rapid adoption of the CVE-2023-23397 exploit by multiple nation-state and financially motivated actors, including both criminal and cyber espionage actors." Pass the Hash attack Given that this is a no-user-interaction exploit, the potential for harm is high. The race has already begun." Multiple proofs-of-concept now widely availableįurthermore, Mandiant says that multiple proofs-of-concept are now widely available.
This is an excellent tool for nation-state actors and criminals alike who will be on a bonanza in the short term.
"These are spies, and they have a long track record of successfully evading our notice. "This is more evidence that aggressive, disruptive, and destructive cyberattacks may not remain constrained to Ukraine and a reminder that we cannot see everything," John Hultquist, head of Mandiant Intelligence Analysis at Google Cloud, said.
0 kommentar(er)
