Microsoft Shares New Guidance in Wake of 'Midnight Blizzard' Cyberattack
Threat actors created and abused OAuth apps to access Microsoft's corporate email environment and remain there for weeks.
APT29 is an espionage-focused threat actor associated with Russian intelligence, making its tactics relevant to understanding state-backed cyber risk.
Search across headline titles and summaries.
Background for this topic.
APT29 is a sophisticated cyber espionage group linked to a nation-state, known for stealthy, long-term intrusions targeting government agencies, think tanks, and research institutions. They employ custom malware, zero-day exploits, and social engineering to gain initial access and maintain persistence, often using legitimate credentials to avoid detection. Their operations focus on intelligence collection rather than immediate disruption or destruction.
Security teams should watch for signs of credential compromise, lateral movement, and covert data exfiltration associated with APT29 activity. Defenses that emphasize multi-factor authentication, network segmentation, and behavioral anomaly detection can reduce risk. Understanding APT29’s tactics, techniques, and procedures (TTPs) enables more effective threat hunting and tailored monitoring to detect and mitigate espionage campaigns early.
Threat actors created and abused OAuth apps to access Microsoft's corporate email environment and remain there for weeks.
Microsoft on Thursday said the Russian state-sponsored threat actors responsible for a cyber attack on its systems in late November 2023 have been targeting other organizations and that it's currently beginning to notify them
The Russian APT behind the SolarWinds attacks exfiltrated data from HPE email accounts last May.
Hewlett Packard Enterprise reveals that Russian state APT29 hackers stole data from corporate mailboxes
Cozy Bear may have had access to the green rectangular email and SharePoint cloud for six months HPE has become the latest tech giant to admit it has been compromised by Russian operatives.…
'Midnight Blizzard' Was Inside Company Network for 7 MonthsHewlett Packard Enterprise in an after-hours regulatory filing disclosed that suspected Russian state hackers had gained access to corporate email inboxes for more than seven months. A threat group tracked as "Midnight Blizzard" first penetrated HPE's cloud-based email service in May 2023.
Hewlett Packard Enterprise (HPE) disclosed today that suspected Russian hackers known as Midnight Blizzard gained access to the company's Microsoft Office 365 email environment to steal data from its cybersecurity team and other departments. [...]
Russian state-sponsored threat actor Nobelium used a basic password-spray attack to breach Microsoft corporate email accounts, including for execs.