Amazon Stymies APT29 Credential Theft Campaign
A group linked to Russian intelligence services redirected victims to fake Cloudflare verification pages and exploited Microsoft's device code authentication flow.
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
A group linked to Russian intelligence services redirected victims to fake Cloudflare verification pages and exploited Microsoft's device code authentication flow.
Researchers have disrupted an operation attributed to Russian state-sponsored threat group Midnight Blizzard, who sought access to Microsoft 365 accounts and data. [...]
The campaign shows APT29’s intentions to “cast a wider net in their intelligence collection efforts,” said Amazon
Look who's visiting the watering hole these days Amazon today said it disrupted an intel-gathering attempt by Russia's APT29 to trick Microsoft users into unwittingly granting the Kremlin-backed cyberspies access to their accounts and data.…
Amazon on Friday said it flagged and disrupted what it described as an opportunistic watering hole campaign orchestrated by the Russia-linked APT29 actors as part of their intelligence gathering efforts
Microsoft, CrowdStrike, and pals promise clarity on cybercrew naming, deliver alias salad instead Opinion Microsoft and CrowdStrike made a lot of noise on Monday about teaming up with other threat-intel outfits to "bring clarity to threat-actor naming."…
Russian SVR Targeting Government, Academia, Defense Organizations GloballyA Russian-state hacking group is posing as Microsoft employees and sending malicious configuration files as email attachments to target organizations across the world. The campaign has the hallmarks of a Midnight Blizzard phishing campaign although its use of an RDP configuration file is novel.
The prolific Midnight Blizzard crew cast a much wider net in search of scrummy intel Microsoft says a mass phishing campaign by Russia's foreign intelligence services (SVR) is now in its second week, and the spies are using a novel info-gathering technique.…
Microsoft has spotted a major spearphishing campaign from the Russian APT29 group using RDP for compromise
Kremlin intelligence carried out a wide-scale phishing campaign in contrast to its usual, more targeted operations.
Amazon has seized domains used by the Russian APT29 hacking group in targeted attacks against government and military organizations to steal Windows credentials and data using malicious Remote Desktop Protocol connection files. [...]
Though Federal Civilian Executive Branch (FCEB) agencies are the primary targets, CISA encourages all organizations to up their security, given the high risk.
CISA has issued a new emergency directive ordering U.S. federal agencies to address risks resulting from the breach of multiple Microsoft corporate email accounts by the Russian APT29 hacking group. [...]
In January 2024, Microsoft discovered they’d been the victim of a hack orchestrated by Russian-state hackers Midnight Blizzard (sometimes known as Nobelium). The concerning detail about this case is how easy it was to breach the software giant. It wasn’t a highly technical hack that exploited a zero-day vulnerability – the hackers used a simple password spray attack to take control of
Threat group APT29 is using secrets stolen in an earlier attack to compromise Microsoft’s internal systems
Microsoft on Friday revealed that the Kremlin-backed threat actor known as Midnight Blizzard (aka APT29 or Cozy Bear) managed to gain access to some of its source code repositories and internal systems following a hack that came to light in January 2024
The Midnight Blizzard APT is mounting a sustained, focused cyber campaign against the computing kahuna, using secrets it stole from emails back in January.
Microsoft says the Russian 'Midnight Blizzard' hacking group recently accessed some of its internal systems and source code repositories using authentication secrets stolen during a January cyberattack. [...]
Microsoft said the Russian nation-state group Midnight Blizzard obfuscated its attack through the use of an OAuth application
Threat actors created and abused OAuth apps to access Microsoft's corporate email environment and remain there for weeks.