Security news aggregator

Latest coverage for APT29

APT29 is an espionage-focused threat actor associated with Russian intelligence, making its tactics relevant to understanding state-backed cyber risk.

6 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

APT29 is a sophisticated cyber espionage group linked to a nation-state, known for stealthy, long-term intrusions targeting government agencies, think tanks, and research institutions. They employ custom malware, zero-day exploits, and social engineering to gain initial access and maintain persistence, often using legitimate credentials to avoid detection. Their operations focus on intelligence collection rather than immediate disruption or destruction.

Security teams should watch for signs of credential compromise, lateral movement, and covert data exfiltration associated with APT29 activity. Defenses that emphasize multi-factor authentication, network segmentation, and behavioral anomaly detection can reduce risk. Understanding APT29’s tactics, techniques, and procedures (TTPs) enables more effective threat hunting and tailored monitoring to detect and mitigate espionage campaigns early.

Volume over time

Weekly headline count for the current query.

Showing 6 most recent headlines Filtered view
Bank Info Security 1 year, 8 months ago

Microsoft Warns of Ongoing Russian Intelligence Campaign

Russian SVR Targeting Government, Academia, Defense Organizations GloballyA Russian-state hacking group is posing as Microsoft employees and sending malicious configuration files as email attachments to target organizations across the world. The campaign has the hallmarks of a Midnight Blizzard phishing campaign although its use of an RDP configuration file is novel.

Midnight Blizzard Compromised Government Staff Emails for the Attack, French ANSSI SaidA Russian foreign intelligence hacking group attempted to target the French Foreign Ministry using compromised emails of government staffers, the French cyber agency said. It said the group poses a "national security concern" to French and European diplomatic interests.

Bank Info Security 2 years, 3 months ago

Russian Nation-State Hacker Targets German Political Parties

Latest APT29 Campaign Uses a Previously Unseen Malware BackdoorA Russian hacking group is targeting German political parties as part of a Moscow-backed espionage campaign. The latest APT29 campaign marks the first time the group has been seen targeting political organizations, according to researchers at Mandiant.

Bank Info Security 2 years, 3 months ago

Tactics for Battling Attacks by Russia's Midnight Blizzard

As Nation-State Group Hacks Big Targets, Trellix's John Fokker Details DefensesMajor technology vendors keep being hacked by the nation-state hacking group Midnight Blizzard. Essential defenses to combat such attacks begin with implementing log monitoring across multiple platforms to find red flags, said John Fokker, head of threat intelligence at Trellix.

Bank Info Security 2 years, 4 months ago

Russian Threat Actor APT29 Pivots to the Cloud for Espionage

Five Eyes Cyber Agencies Say Kremlin Hackers Are Following Victims to the CloudThe Russian intelligence hacking group known as APT29 or Cozy Bear is responding to the corporate migration to the cloud with matching hacking techniques, says an alert from international cyber agencies. Threat intelligence firms warn that APT29 has amplified its global cyberespionage operations.

Bank Info Security 2 years, 5 months ago

HPE Fingers Russian State Hackers for Email Hack

'Midnight Blizzard' Was Inside Company Network for 7 MonthsHewlett Packard Enterprise in an after-hours regulatory filing disclosed that suspected Russian state hackers had gained access to corporate email inboxes for more than seven months. A threat group tracked as "Midnight Blizzard" first penetrated HPE's cloud-based email service in May 2023.