Security news aggregator

Latest coverage for APT29

APT29 is an espionage-focused threat actor associated with Russian intelligence, making its tactics relevant to understanding state-backed cyber risk.

17 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

APT29 is a sophisticated cyber espionage group linked to a nation-state, known for stealthy, long-term intrusions targeting government agencies, think tanks, and research institutions. They employ custom malware, zero-day exploits, and social engineering to gain initial access and maintain persistence, often using legitimate credentials to avoid detection. Their operations focus on intelligence collection rather than immediate disruption or destruction.

Security teams should watch for signs of credential compromise, lateral movement, and covert data exfiltration associated with APT29 activity. Defenses that emphasize multi-factor authentication, network segmentation, and behavioral anomaly detection can reduce risk. Understanding APT29’s tactics, techniques, and procedures (TTPs) enables more effective threat hunting and tailored monitoring to detect and mitigate espionage campaigns early.

Volume over time

Weekly headline count for the current query.

Showing 17 most recent headlines Filtered view

Threat actors with suspected ties to Russia have been observed taking advantage of a Google account feature called application specific passwords (or app passwords) as part of a novel social engineering tactic designed to gain access to victims' emails

In January 2024, Microsoft discovered they’d been the victim of a hack orchestrated by Russian-state hackers Midnight Blizzard (sometimes known as Nobelium). The concerning detail about this case is how easy it was to breach the software giant. It wasn’t a highly technical hack that exploited a zero-day vulnerability – the hackers used a simple password spray attack to take control of

The Midnight Blizzard and Cloudflare-Atlassian cybersecurity incidents raised alarms about the vulnerabilities inherent in major SaaS platforms. These incidents illustrate the stakes involved in SaaS breaches — safeguarding the integrity of SaaS apps and their sensitive data is critical but is not easy. Common threat vectors such as sophisticated spear-phishing, misconfigurations and

Attackers continue to target Microsoft identities to gain access to connected Microsoft applications and federated SaaS applications. Additionally, attackers continue to progress their attacks in these environments, not by exploiting vulnerabilities, but by abusing native Microsoft functionality to achieve their objective. The attacker group Nobelium, linked with the SolarWinds attacks, has been

The Russian state-sponsored hacking collective known as APT29 has been attributed to a new phishing campaign that takes advantage of legitimate cloud services like Google Drive and Dropbox to deliver malicious payloads on compromised systems