Russian hackers change tactics to cloud attacks, US and allies caution

February 26, 2024

TLDR:

Russian hackers from APT29, also known as Cozy Bear, have shifted their attacks to target cloud services, compromising Microsoft 365 accounts and breaching government agencies. The Five Eyes alliance warns of their new tactics and advises network defenders on how to detect and mitigate these cloud attacks.

Russian Hackers Shift to Cloud Attacks, US and Allies Warn

APT29, a Russian hacking group, has been identified as targeting cloud infrastructure with sophisticated tools like MagicWeb malware. The Five Eyes alliance issued a joint advisory warning organizations to protect against APT29’s tactics.

Key Points:

  • APT29, also known as Cozy Bear, has shifted to targeting cloud services
  • The group compromised Microsoft 365 accounts and breached government agencies
  • The Five Eyes alliance issued a warning and provided mitigation strategies for network defenders

APT29, also known as Cozy Bear, has been actively targeting cloud infrastructure with a focus on gaining access to sensitive data. The hacking group, associated with the Russian Foreign Intelligence Service, breached multiple U.S. federal agencies following the SolarWinds supply-chain attack and compromised Microsoft 365 accounts belonging to various entities within NATO nations.

The Five Eyes intelligence alliance, consisting of the United States, United Kingdom, Canada, Australia, and New Zealand, warned organizations of APT29’s shift towards cloud attacks. The hackers are using sophisticated tactics to gain access to cloud environments, such as using stolen access tokens, compromised routers, and multi-factor authentication bypass methods.

To detect and mitigate APT29’s attacks, network defenders are advised to enable multi-factor authentication, use strong passwords, employ the principle of least privilege, create canary service accounts, and monitor for indicators of compromise. By following these strategies outlined in the advisory, organizations can better defend against the evolving threat posed by the Russian hacking group.
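One of the detection measures listed above, canary service accounts, is simple to operationalize: an account that exists only to be watched should never authenticate, so any sign-in event naming it (successful or failed) is a high-confidence signal. The script below is an added example, not code from the advisory or the article; it scans constructed, simplified sign-in log lines for canary activity. The JSON field names, the canary account names and the log records are all assumptions made for the illustration, not a real product schema or real telemetry.

```python
"""Flag any sign-in activity involving canary service accounts.

Added example, not from the advisory or the article. A canary service
account is created solely to be monitored and is never wired into a
workload, so any authentication event that touches it suggests its
credential or token has been harvested. Field names below are assumed
for the illustration and are not a real cloud provider's log schema.
"""
import json
from dataclasses import dataclass

# Constructed canary identities (assumed names, for illustration only).
CANARY_ACCOUNTS = {
    "svc-backup-legacy@example.com",
    "svc-reporting-old@example.com",
}

# Constructed sample sign-in log, one JSON object per line. Not real data.
SAMPLE_LOG = """
{"time":"2024-02-20T03:14:07Z","user":"alice@example.com","app":"Outlook","result":"success","ip":"203.0.113.10"}
{"time":"2024-02-20T03:15:22Z","user":"svc-backup-legacy@example.com","app":"Microsoft Graph","result":"success","ip":"198.51.100.23"}
{"time":"2024-02-20T03:16:01Z","user":"bob@example.com","app":"Teams","result":"failure","ip":"203.0.113.11"}
{"time":"2024-02-20T03:17:45Z","user":"SVC-Reporting-Old@example.com","app":"Exchange Online","result":"failure","ip":"198.51.100.23"}
"""


@dataclass(frozen=True)
class Alert:
    """One canary hit, carrying the fields an analyst needs to pivot on."""
    time: str
    user: str
    app: str
    result: str
    ip: str


def parse_log(text):
    """Yield one event dict per non-empty JSON line; skip malformed lines instead of aborting."""
    for raw in text.splitlines():
        raw = raw.strip()
        if not raw:
            continue
        try:
            yield json.loads(raw)
        except json.JSONDecodeError:
            continue


def canary_alerts(log_text, canaries=CANARY_ACCOUNTS):
    """Return an Alert for every event that names a canary account.

    Failed attempts are reported too: a failure still shows the canary's
    identity is being tried, which is exactly what the account exists to reveal.
    Matching is case-insensitive because user principal names are not case-sensitive.
    """
    watched = {c.lower() for c in canaries}
    alerts = []
    for ev in parse_log(log_text):
        user = str(ev.get("user", "")).lower()
        if user in watched:
            alerts.append(Alert(
                time=ev.get("time", ""),
                user=user,
                app=ev.get("app", ""),
                result=ev.get("result", ""),
                ip=ev.get("ip", ""),
            ))
    return alerts


def source_ips(alerts):
    """Distinct source addresses across canary hits, a natural pivot for wider hunting."""
    return sorted({a.ip for a in alerts})


if __name__ == "__main__":
    hits = canary_alerts(SAMPLE_LOG)
    for a in hits:
        print(f"CANARY HIT {a.time} {a.user} via {a.app} ({a.result}) from {a.ip}")
    print("pivot IPs:", source_ips(hits))
```

In practice the same logic would run against the provider's exported sign-in logs inside a SIEM; the value of the technique is that the rule has essentially no false positives, because legitimate use of a canary account is zero by construction.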
