APT29 intensifies credential-stealing attacks

Russian state-backed hacking operation APT29, also known as Midnight Blizzard, Cozy Bear, and Nobelium, has deployed more credential-stealing attacks against governments and nongovernmental organizations, as well as defense entities, critical manufacturing organizations, and IT service providers, reports The Record, a news site by cybersecurity firm Recorded Future. According to Microsoft, APT29 has employed numerous password spraying, token theft, and brute force techniques in its attacks. In a recent campaign, APT29 has also leveraged low-reputation proxy servers to route internet traffic to regular households in an effort to obscure malicious activity. Organizations impacted by the latest APT29 attacks have not been named but have already been notified by Microsoft. APT29 has been credited with numerous significant cyberattacks, including the widespread SolarWinds hack three years ago that impacted thousands of organizations around the world, as well as extensive threat operations against Ukraine and other countries since the beginning of the Russia-Ukraine war.