Russian spies use remote desktop protocol files in unusual mass phishing drive

October 30, 2024 at 08:48AM Microsoft reports a two-week mass phishing campaign by Russia’s SVR, targeting over 100 organizations through novel techniques, including remote desktop protocol (RDP) configuration files. The campaign, which began on October 22, impersonates Microsoft and other providers, primarily affecting entities in the UK, Europe, Australia, and Japan.

CERT-UA Identifies Malicious RDP Files in Latest Attack on Ukrainian Entities

October 26, 2024 at 12:25AM The Computer Emergency Response Team of Ukraine (CERT-UA) warns of a malicious email campaign targeting government and military bodies, linked to the Russian hacking group APT29. These emails use fake AWS domains to deploy Remote Desktop Protocol files for unauthorized access. CERT-UA also reports multiple ongoing cyber threats against Ukraine. …

Russia’s APT29 Mimics AWS to Steal Windows Credentials

October 25, 2024 at 04:29PM APT29, a notorious Russian cyber threat group, has targeted military, government, and private sectors through phishing campaigns. They recently aimed to steal Windows credentials by disguising emails as AWS communications. Experts advise blocking RDP files at email gateways and monitoring outgoing connections to thwart future attacks.

Amazon seizes domains used in rogue Remote Desktop campaign to steal data

October 25, 2024 at 12:44PM Amazon has seized domains utilized by the Russian hacking group APT29, known for sophisticated cyber-espionage targeting government entities. The phishing campaign aimed to steal Windows credentials via deceptive RDP files masquerading as AWS domains. Amazon clarified that it and its cloud services were not direct targets of these attacks.

AWS Seizes Domains Used by Russia’s APT29

October 25, 2024 at 05:56AM AWS has seized domains utilized by the Russian hacker group APT29, known for phishing attacks against Ukraine and other nations. This action aims to disrupt their malicious activities. The announcement was made in a post on SecurityWeek. **Meeting Takeaways:** 1. **Event Announcement**: AWS has announced the seizure of domains associated …

CISA Warns of Threat Actors Exploiting F5 BIG-IP Cookies for Network Reconnaissance

October 11, 2024 at 05:27AM CISA warns of threat actors exploiting unencrypted persistent cookies in F5 BIG-IP Local Traffic Manager for network reconnaissance. Organizations are advised to encrypt these cookies and to use the BIG-IP iHealth diagnostic tool to check their configuration. Meanwhile, a joint U.S.-U.K. advisory highlights threats from APT29, a Russian military intelligence group targeting various sectors.

US, UK warn of Russian APT29 hackers targeting Zimbra, TeamCity servers

October 10, 2024 at 02:50PM U.S. and U.K. cyber agencies have warned that APT29 hackers linked to Russia are targeting unpatched Zimbra and JetBrains TeamCity servers worldwide. A joint advisory urges network defenders to deploy security patches to prevent attacks exploiting multiple vulnerabilities, highlighting ongoing threats to both government and private sectors.

Commercial Spyware Vendors Have a Copycat in Top Russian APT

August 30, 2024 at 01:05PM Google’s Threat Analysis Group (TAG) discovered a series of exploit campaigns perpetrated by a Russian-backed threat actor targeting Mongolian government websites, delivering mobile exploits previously utilized by the commercial spyware vendors Intellexa and NSO Group. The campaigns aimed to hijack visitors’ devices by exploiting iOS and Chrome vulnerabilities, posing an …

Oh, great. Attacks developed by spyware vendors are being re-used by Russia’s Cozy Bear cretins

August 29, 2024 at 04:10PM Google’s Threat Analysis Group detected similarities between attack tactics used by the Russia-linked APT29 group and those of commercial spyware vendors. The APT29 group, known for past cyber intrusions, utilized malware targeting vulnerabilities in mobile operating systems similar to those exploited by the spyware vendors NSO Group and Intellexa. This underscores the danger posed …

Russian APT29 hackers use iOS, Chrome exploits created by spyware vendors

August 29, 2024 at 09:05AM Between November 2023 and July 2024, the Russian state-sponsored APT29 group, also known as “Midnight Blizzard,” utilized iOS and Android exploits in cyberattacks on Mongolian government websites. Google’s Threat Analysis Group identified the group’s use of n-day flaws that remain effective on devices that have not been updated. APT29’s exploits overlapped with those …