TeamViewer says Russia broke into its corp IT network

June 28, 2024 at 03:08PM TeamViewer disclosed that it was infiltrated by Russian cyber-spies, Cozy Bear, who gained access to its systems through a worker’s login. The breach was limited to non-production systems, with no evidence of accessing customer data. Similar to previous attacks, the group’s tactics align with known techniques, raising concerns about potential …

TeamViewer links corporate cyberattack to Russian state hackers

June 28, 2024 at 10:48AM TeamViewer, a widely used RMM software, has reported a breach in their corporate network believed to be orchestrated by the Russian state-sponsored hacking group Midnight Blizzard. The company believes the breach occurred using an employee’s credentials. TeamViewer assures customers that their production environment and customer data were not accessed, recommending …

CISA Issues Emergency Directive After Midnight Blizzard Microsoft Hits

April 12, 2024 at 02:25PM CISA issued an emergency directive in response to a Russian cyber threat targeting Microsoft email accounts. The group, known as Midnight Blizzard, is exfiltrating information and has already affected several companies. The directive requires federal agencies to investigate, reset compromised credentials, and secure privileged accounts. All organizations are urged to …

Russia’s Cozy Bear caught phishing German politicos with phony dinner invites

March 23, 2024 at 03:58AM Russian cyberspies targeted German political parties using phishing emails disguised as dinner invitations. The emails contained a backdoor, WINELOADER, that aimed to infect targets’ PCs for long-term access to networks and data. The espionage group, linked to the Russian Foreign Intelligence Service, has expanded its targets, techniques, and even lurked …

Russian APT29 Hackers Caught Targeting German Political Parties 

March 22, 2024 at 12:48PM Mandiant discovered Russia’s APT29 hacking group targeting German political parties, marking a potential shift from diplomatic targets. The group used phishing emails with a malware dropper and backdoor to infiltrate systems. Mandiant noted the group’s evolving tactics and previous high-profile attacks, cautioning about their adaptability and broad threat to Western …

Microsoft Confirms Russian Hackers Stole Source Code, Some Customer Secrets

March 8, 2024 at 11:57PM Microsoft disclosed that the Kremlin-backed threat actor Midnight Blizzard gained access to some source code repositories and internal systems following a hack in January 2024. The company stated that it is investigating the extent of the breach and has increased its security investments in response to the attack. The breach …

Russian Cyberspies Targeting Cloud Infrastructure via Dormant Accounts

February 26, 2024 at 12:09PM Russian cyberespionage threat actors are now targeting cloud services as organizations shift to cloud-based infrastructure, government agencies in the Five Eyes countries have warned. This includes tactics like brute-force attacks, exploiting dormant accounts, using tokens to bypass multi-factor authentication, and deploying post-compromise tools, as well as utilizing residential proxies to …

Microsoft Warns of Widening APT29 Espionage Attacks Targeting Global Orgs

January 26, 2024 at 01:21AM Microsoft has reported that Russian state-sponsored threat actors responsible for a cyber attack on its systems in late November 2023 are now targeting other organizations. The group, known as APT29 or BlueBravo, primarily targets governments, diplomatic entities, and IT service providers in the U.S. and Europe. They utilize legitimate but …

‘Midnight Blizzard’ Breached HPE Email Months Before Microsoft Hack

January 25, 2024 at 02:29PM Russian threat actor “Midnight Blizzard,” also known as Nobelium, breached both Hewlett Packard Enterprise’s (HPE) and Microsoft’s email environments, exfiltrating data from senior leadership and other segments. Both companies were unaware of the breaches until months later, highlighting the threat’s insidious nature. The attack serves as a sobering reminder of the …

HPE Says Russian Government Hackers Had Access to Emails for 6 Months

January 25, 2024 at 05:18AM Hewlett Packard Enterprise (HPE) disclosed that its cloud email environment was targeted by hackers believed to be sponsored by the Russian government. The attack, attributed to the Midnight Blizzard and Cozy Bear threat groups, resulted in unauthorized access and data exfiltration. Microsoft also reported a similar attack by the same …