Security Articles

Pawn Storm Uses Brute Force and Stealth Against High-Value Targets

Released on 2024-02-06 @ 10:14:38 AM

Pawn Storm (also known as APT28 and Forest Blizzard) is an advanced persistent threat (APT) actor that persistently repeats its tactics, techniques, and procedures (TTPs) over long periods. The group targets organizations dealing with foreign affairs, energy, defense, and transportation, as well as organizations involved with labor, social welfare, finance, parenthood, and even local city councils. Pawn Storm employs a wide range of tools to hide its tracks, including VPN services, Tor, compromised routers, and hacked email accounts. The group has been using brute-force attacks since 2019 to access corporate and government accounts. Pawn Storm also exploits vulnerabilities such as CVE-2023-23397 in Outlook and CVE-2023-38831 in WinRAR to steal Net-NTLMv2 hashes for use in further attacks. Defenders can use the indicators of compromise listed in the report to check whether their organization has been targeted.