Amazon Stops Russian APT29 Watering Hole Attack Exploiting Microsoft Auth
The campaign shows APT29’s intentions to “cast a wider net in their intelligence collection efforts,” said Amazon
APT29 is an espionage-focused threat actor associated with Russian intelligence, making its tactics relevant to understanding state-backed cyber risk.
Search across headline titles and summaries.
Background for this topic.
APT29 is a sophisticated cyber espionage group linked to a nation-state, known for stealthy, long-term intrusions targeting government agencies, think tanks, and research institutions. They employ custom malware, zero-day exploits, and social engineering to gain initial access and maintain persistence, often using legitimate credentials to avoid detection. Their operations focus on intelligence collection rather than immediate disruption or destruction.
Security teams should watch for signs of credential compromise, lateral movement, and covert data exfiltration associated with APT29 activity. Defenses that emphasize multi-factor authentication, network segmentation, and behavioral anomaly detection can reduce risk. Understanding APT29’s tactics, techniques, and procedures (TTPs) enables more effective threat hunting and tailored monitoring to detect and mitigate espionage campaigns early.
Weekly headline count for the current query.
The campaign shows APT29’s intentions to “cast a wider net in their intelligence collection efforts,” said Amazon
Russian state actor Midnight Blizzard is using fake wine tasting events as a lure to spread malware for espionage purposes, according to Check Point
Microsoft has spotted a major spearphishing campaign from the Russian APT29 group using RDP for compromise
Russian-backed APT29 has been spying on US and European organizations since at least 2021, a US-UK joint advisory said
In a campaign targeting Mongolian government websites, Russian-backed APT29 leveraged exploits previously used by spyware vendors NSO Group and Intellexa
Remote software provider TeamViewer has revealed it has been hit by a cyber-attack that it attributes to Russian state actor Midnight Blizzard
The French cybersecurity agency has warned that Russian-aligned threat actor has been targeting public organizations for years
Mandiant observes what it claims is the first ever APT29 campaign aimed at political parties
Threat group APT29 is using secrets stolen in an earlier attack to compromise Microsoft’s internal systems
Known as Midnight Blizzard, the Dukes or Cozy Bear, the group has been identified as a Russian entity likely operating under the SVR
Microsoft said the Russian nation-state group Midnight Blizzard obfuscated its attack through the use of an OAuth application
Hewlett Packard Enterprise reveals that Russian state APT29 hackers stole data from corporate mailboxes
The FBI and CISA detected that hackers linked to the Russian foreign intelligence service (SVR) have been targeting a JetBrains TeamCity vulnerability since September 2023
Threat group may be looking for intel on Azerbaijan
The Russia-based actor exploited compromised Microsoft 365 tenants owned by small businesses
MagicWeb improves on FoggyWeb by facilitating covert access directly via a malicious DLL