API Security Blog

Microsoft Warns of Widening APT29 Espionage Attacks Targeting Global Orgs

Microsoft on Thursday said the Russian state-sponsored threat actors responsible for a cyber attack on its systems in late November 2023 have been targeting other organizations and that it's currently beginning to notify them. The development comes a day after Hewlett Packard Enterprise (HPE) revealed that it had been the victim of an attack perpetrated by a hacking crew tracked as APT29, which is also known as BlueBravo, Cloaked Ursa, Cozy Bear, Midnight Blizzard (formerly Nobelium), and The Dukes.

"This threat actor is known to primarily target governments, diplomatic entities, non-governmental organizations (NGOs) and IT service providers, primarily in the U.S. and Europe," the Microsoft Threat Intelligence team said in a new advisory. The primary goal of these espionage missions is to gather sensitive information that is of strategic interest to Russia by maintaining footholds for extended periods of time without attracting any attention.

The latest disclosure indicates that the scale of the campaign may have been bigger than previously thought. The tech giant, however, did not reveal which other entities were singled out.

APT29's operations involve the use of legitimate but compromised accounts to gain and expand access within a target environment and fly under the radar. It's also known to identify and abuse OAuth applications to move laterally across cloud infrastructures and for post-compromise activity, such as email collection.

"They utilize diverse initial…
