December 05, 2023 01:31 pm | Updated 01:31 pm IST

Russian state-sponsored threat actors were found to be actively exploiting a bug in Outlook to hijack Microsoft Exchange accounts and steal sensitive information.

Microsoft’s Threat Intelligence team while issuing a warning shared that the nation-state threat actor was identified as a Russian-based nation-state threat actor.

Hackers were using the flaw to target government agencies, along with organisations in the energy, transportation, and other key sectors. The attacks were largely focused on organisations in the United States, Europe, and the Middle East.

Microsoft also highlighted the exploitation of other vulnerabilities with publicly available exploits in the same attacks.

The warning highlights the use of known vulnerabilities by hackers despite the availability of security updates and security patches.

Users are advised to apply available security updates, reset passwords of compromised users and enable MFA (multi-factor authentication) for all users.

Organisations are also advised to reduce the attack surface across all interfaces and ensure all software products are regularly updated with the latest security patches.

Earlier this year, Microsoft had issued a similar warning against State-sponsored Chinese hackers. At the time the company said hackers infiltrated critical U.S. infrastructure networks. Microsoft along with the United States, and its Western allies also said that similar espionage attacks could be occurring globally.