Russian hackers used Outlook exploit to attack European firms

16 Mar 2023


Microsoft said the critical flaw could be exploited without the user’s knowledge and was used to attack a number of organisations in Europe.

Microsoft has issued a patch for a critical Outlook vulnerability, which was used by Russian hackers to launch cyberattacks on European organisations.

The company’s threat analysis claims that a “Russia-based threat actor” used the exploit to attack a “number of organisations in government, transportation, energy, and military sectors in Europe”.

The bug was listed as “critical” with a rating of 9.8 out of 10 by the US National Institute of Standards and Technology. The vulnerability impacts all supported versions of Outlook for Windows.

Microsoft said attackers could exploit the vulnerability by sending a “specially crafted email” that triggers automatically when it is received.

“This could lead to exploitation before the email is viewed in the Preview Pane,” Microsoft said in a security update. “External attackers could send specially crafted emails that will cause a connection from the victim to an external UNC location of attackers’ control.”

Microsoft has released a patch this week to fix the exploit and has urged all Outlook customers to update to remain secure. The tech giant also said it has communicated with affected customers.

The company acknowledged Ukraine’s Computer Emergency Response Team, which found and reported the vulnerability.

The flaw has been exploited by Russian-affiliated hackers since April 2022, according to a report seen by CNN. This report also claims that fewer than “15 customers” have been affected by these attacks.

Concerns have been raised about cyberattacks coming from hacker groups in Russia since the invasion of Ukraine began last year.

Last November, the European Parliament website was hit by a “sophisticated” cyberattack that was believed to have been carried out by a pro-Russia hacker group.

Killnet, a pro-Russia group that has declared “war” on several European countries, claimed responsibility for the attack on its Telegram channel at the time.

Last June, a Microsoft report found that more Russian cyberattacks were being directed towards allies of Ukraine, such as the US, Baltic countries and NATO countries.


Leigh Mc Gowran is a journalist with Silicon Republic
