‘Midnight Blizzard’ Targets Networks With Signed RDP Files

October 30, 2024 at 06:26PM Midnight Blizzard, a Russian-linked threat group, is running a large campaign of spear-phishing emails carrying signed Remote Desktop Protocol (RDP) configuration files to compromise systems and harvest credentials. Aimed at over 100 organizations, the tactic evades common security controls, prompting Microsoft to recommend stronger email security and multifactor authentication. …

Russian spies use remote desktop protocol files in unusual mass phishing drive

October 30, 2024 at 08:48AM Microsoft reports a two-week mass phishing campaign by Russia’s SVR targeting over 100 organizations with novel techniques, including remote desktop protocol (RDP) configuration files. The campaign, which began on October 22, impersonates Microsoft and other providers and primarily affects entities in the UK, Europe, Australia, and Japan. …

Commercial Spyware Vendors Have a Copycat in Top Russian APT

August 30, 2024 at 01:42PM APT29, also known as Cozy Bear and Midnight Blizzard, ran exploit campaigns using n-day mobile exploits previously employed by commercial spyware vendors. Google’s Threat Analysis Group found that the campaigns were delivered through a watering hole attack on Mongolian government websites, aiming to infect devices by exploiting iOS and Android vulnerabilities. …

Commercial Spyware Vendors Have a Copycat in Top Russian APT

August 30, 2024 at 01:05PM Google’s Threat Analysis Group (TAG) discovered a series of exploit campaigns by a Russian-backed threat actor that compromised Mongolian government websites to deliver mobile exploits previously used by the commercial spyware vendors Intellexa and NSO Group. The campaigns aimed to hijack visitors’ devices by exploiting iOS and Chrome vulnerabilities, posing an …

TeamViewer says Russia broke into its corp IT network

June 28, 2024 at 03:08PM TeamViewer disclosed that it was infiltrated by the Russian cyber-espionage group Cozy Bear, which gained access to its systems through an employee’s login. The breach was limited to non-production systems, with no evidence that customer data was accessed. As in previous attacks, the group’s tactics align with its known techniques, raising concerns about potential …

Microsoft Alerts More Customers to Email Theft in Expanding Midnight Blizzard Hack

June 28, 2024 at 02:04PM The Russian government’s hack of Microsoft’s corporate infrastructure continues to have far-reaching impact, as it is revealed that customers’ emails were also stolen by the Midnight Blizzard hackers. The company is notifying affected customers and providing a secure portal where they can review the compromised emails. The hacking group seems to …

TeamViewer links corporate cyberattack to Russian state hackers

June 28, 2024 at 10:48AM TeamViewer, a widely used RMM tool, has reported a breach of its corporate network believed to have been carried out by the Russian state-sponsored hacking group Midnight Blizzard. The company believes the intrusion began with an employee’s credentials. TeamViewer assures customers that its production environment and customer data were not accessed, recommending …

Russia’s Midnight Blizzard Seeks to Snow French Diplomats

June 20, 2024 at 05:10PM Midnight Blizzard, a Russia-backed advanced persistent threat, continues to pose an active threat to French diplomatic entities. Institutions recently targeted by the group include the French Ministry of Culture and the National Agency for Territorial Cohesion. Its tactics include phishing and forged documents used to gain network access and exfiltrate data, per …

French Diplomatic Entities Targeted in Russian-Linked Cyber Attacks

June 20, 2024 at 10:58AM State-sponsored cyber attacks targeting French diplomatic entities have been linked to Russia by the country’s information security agency. The attacks, attributed to a cluster named Midnight Blizzard, use phishing emails and compromised accounts to initiate malicious activity. The threat actor, also known as Nobelium, has targeted European embassies as well and leveraged …

CISA Issues Emergency Directive After Midnight Blizzard Microsoft Hits

April 12, 2024 at 02:25PM CISA issued an emergency directive in response to a Russian cyber threat targeting Microsoft email accounts. The group, known as Midnight Blizzard, is exfiltrating information and has already affected several companies. The directive requires federal agencies to investigate, reset compromised credentials, and secure privileged accounts. All organizations are urged to …