Commercial Spyware Vendors Have a Copycat in Top Russian APT

August 30, 2024 at 01:42PM APT29, also known as Cozy Bear and Midnight Blizzard, ran exploit campaigns that reused n-day mobile exploits previously employed by commercial spyware vendors. Google's Threat Analysis Group found that the campaigns were delivered through a watering hole on compromised Mongolian government websites and exploited already-patched iOS and Android vulnerabilities to compromise visitors' devices. …

Commercial Spyware Vendors Have a Copycat in Top Russian APT

August 30, 2024 at 01:05PM Google's Threat Analysis Group (TAG) discovered a series of exploit campaigns by a Russian state-backed threat actor that compromised Mongolian government websites to deliver mobile exploits previously used by the commercial spyware vendors Intellexa and NSO Group. The campaigns aimed to hijack visitors' devices by exploiting iOS and Chrome vulnerabilities, posing an …

TeamViewer says Russia broke into its corp IT network

June 28, 2024 at 03:08PM TeamViewer disclosed that it was infiltrated by the Russian cyber-spies known as Cozy Bear, who gained access through an employee's login credentials. The breach was confined to the corporate IT environment, with no evidence that production systems or customer data were accessed. The intrusion matches the group's known techniques, raising concerns about potential …

TeamViewer links corporate cyberattack to Russian state hackers

June 28, 2024 at 10:48AM TeamViewer, maker of widely used remote monitoring and management (RMM) software, reported a breach of its corporate network that it attributes to the Russian state-sponsored hacking group Midnight Blizzard. The company believes the intrusion began with a standard employee account's credentials. TeamViewer assures customers that its production environment and customer data were not accessed, recommending …

CISA Issues Emergency Directive After Midnight Blizzard Microsoft Hits

April 12, 2024 at 02:25PM CISA issued an emergency directive in response to the Russian state-sponsored group Midnight Blizzard's compromise of Microsoft corporate email accounts, from which the group exfiltrated correspondence, including email exchanged with federal agencies; several organizations have already been affected. The directive requires federal agencies to investigate, reset compromised credentials, and secure privileged accounts. All organizations are urged to …

Russia’s Cozy Bear caught phishing German politicos with phony dinner invites

March 23, 2024 at 03:58AM Russian cyberspies targeted German political parties with phishing emails disguised as dinner invitations. The lures delivered a backdoor, WINELOADER, intended to give the attackers long-term access to targets' PCs, networks and data. The espionage group, linked to Russia's Foreign Intelligence Service (SVR), has expanded its targets and techniques, and even lurked …

Russian APT29 Hackers Caught Targeting German Political Parties

March 22, 2024 at 12:48PM Mandiant found Russia's APT29 hacking group targeting German political parties, a potential shift away from its usual diplomatic targets. The group used phishing emails carrying a malware dropper and backdoor to infiltrate systems. Mandiant noted the group's evolving tactics and previous high-profile intrusions, cautioning about its adaptability and the broad threat it poses to Western …

Microsoft Confirms Russian Hackers Stole Source Code, Some Customer Secrets

March 8, 2024 at 11:57PM Microsoft disclosed that the Kremlin-backed threat actor Midnight Blizzard gained access to some source code repositories and internal systems in the intrusion it first disclosed in January 2024. The company says it is still investigating the extent of the breach and has increased its security investments in response. The breach …

Russian Cyberspies Targeting Cloud Infrastructure via Dormant Accounts

February 26, 2024 at 12:09PM Government agencies in the Five Eyes countries warned that Russian cyberespionage actors are following organizations into the cloud as infrastructure moves there. Tactics include brute-force attacks, exploiting dormant accounts, using stolen access tokens to bypass multi-factor authentication, deploying post-compromise tools, and routing traffic through residential proxies to …
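As an added illustration, not part of the advisory or of any linked article: a Python sketch of detections for three of the behaviours listed in that summary (a dormant account suddenly signing in, a success following a password spray, and a token-authenticated session with no MFA from an IP the user has never completed MFA from), run over constructed sign-in records. The record schema, field names, thresholds and the `BASELINE_LAST_SUCCESS` table are assumptions for the example, not any vendor's log format.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in records (not real telemetry). Assumed simplified schema:
# ISO timestamp, account, outcome, how the session authenticated, whether MFA was
# satisfied, source IP, and a coarse IP category from an enrichment step.
SAMPLE_SIGNINS = [
    # Normal interactive user completing MFA from a corporate address.
    {"ts": "2024-02-20T08:00:00", "user": "alice", "result": "success", "auth": "password",
     "mfa": True, "ip": "198.51.100.5", "ip_type": "corporate"},
    # Password spray against bob: twelve failures in twelve minutes, then a success without MFA.
    *[{"ts": f"2024-02-20T09:{m:02d}:00", "user": "bob", "result": "failure", "auth": "password",
       "mfa": False, "ip": "203.0.113.77", "ip_type": "residential"} for m in range(12)],
    {"ts": "2024-02-20T09:12:00", "user": "bob", "result": "success", "auth": "password",
     "mfa": False, "ip": "203.0.113.77", "ip_type": "residential"},
    # Service account last seen in September 2023 suddenly signs in from a residential IP.
    {"ts": "2024-02-20T10:00:00", "user": "svc-legacy-sync", "result": "success", "auth": "password",
     "mfa": False, "ip": "203.0.113.90", "ip_type": "residential"},
    # alice's session token replayed from a new residential IP; MFA is not re-evaluated for token use.
    {"ts": "2024-02-20T11:00:00", "user": "alice", "result": "success", "auth": "token",
     "mfa": False, "ip": "203.0.113.120", "ip_type": "residential"},
]

# Constructed baseline: each account's last successful sign-in before this log window.
BASELINE_LAST_SUCCESS = {
    "alice": "2024-02-19T17:00:00",
    "bob": "2024-02-19T16:30:00",
    "svc-legacy-sync": "2023-09-01T03:00:00",
}

DORMANT_DAYS = 90            # assumed threshold for "dormant"
SPRAY_FAILURES = 10          # assumed failure count that marks a spray
SPRAY_WINDOW = timedelta(minutes=15)


def _t(s):
    return datetime.fromisoformat(s)


def detect(records, baseline):
    """Return sorted (user, reason) findings over the records, using the baseline for dormancy."""
    findings = set()
    last_success = {u: _t(s) for u, s in baseline.items()}
    mfa_ips = defaultdict(set)     # IPs from which each user has completed MFA
    failures = defaultdict(list)   # failure timestamps per user since their last success
    residential_users = set()      # users with at least one success via a residential IP

    for r in sorted(records, key=lambda r: r["ts"]):
        ts, user = _t(r["ts"]), r["user"]
        if r["result"] == "failure":
            failures[user].append(ts)
            continue

        # 1. Dormant account reactivated: previous success is older than DORMANT_DAYS.
        prev = last_success.get(user)
        if prev is not None and ts - prev > timedelta(days=DORMANT_DAYS):
            findings.add((user, "dormant_account_reactivated"))

        # 2. Success preceded by a burst of failures inside SPRAY_WINDOW.
        recent = [f for f in failures[user] if ts - f <= SPRAY_WINDOW]
        if len(recent) >= SPRAY_FAILURES:
            findings.add((user, "success_after_password_spray"))
        failures[user].clear()

        # 3. Token-authenticated session with no MFA from an IP never used for an MFA sign-in:
        #    consistent with a stolen token being replayed. Checked before recording this IP.
        if r["auth"] == "token" and not r["mfa"] and r["ip"] not in mfa_ips[user]:
            findings.add((user, "token_session_without_mfa_from_new_ip"))
        if r["mfa"]:
            mfa_ips[user].add(r["ip"])

        if r["ip_type"] == "residential":
            residential_users.add(user)
        last_success[user] = ts

    # Residential egress is too common to alert on by itself (it is exactly why the actors
    # use residential proxies); attach it only as corroboration to users already flagged.
    for user in {u for u, _ in findings}:
        if user in residential_users:
            findings.add((user, "corroborating_residential_egress"))
    return sorted(findings)


if __name__ == "__main__":
    for user, reason in detect(SAMPLE_SIGNINS, BASELINE_LAST_SUCCESS):
        print(f"{user}: {reason}")
```

The dormancy check depends on having a trustworthy last-activity baseline for every account, including service principals; accounts with no baseline entry are never flagged as dormant, which is a gap worth closing in a real deployment rather than a feature.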

Microsoft Warns of Widening APT29 Espionage Attacks Targeting Global Orgs

January 26, 2024 at 01:21AM Microsoft reported that the Russian state-sponsored threat actors responsible for the attack on its own systems in late November 2023 are now targeting other organizations. The group, known as APT29 or BlueBravo, primarily targets governments, diplomatic entities, and IT service providers in the U.S. and Europe. They utilize legitimate but …