
New APT29 attacks set sights on cloud services

The Five Eyes intelligence alliance has warned that the Russian state-sponsored threat group APT29, also known as Cozy Bear, The Dukes, and Midnight Blizzard, is shifting its cyberespionage operations toward intrusions against cloud infrastructure, according to BleepingComputer.

APT29 is compromising cloud environments not only with previously stolen service account credentials but also through dormant accounts of former employees that organizations never deactivated, said the joint advisory from the FBI, the Cybersecurity and Infrastructure Security Agency, the National Security Agency, and the UK's National Cyber Security Centre, as well as cybersecurity agencies in Canada, Australia, and New Zealand. Beyond using stolen access tokens to hijack accounts, APT29 has also been concealing its activity behind compromised routers and bypassing multi-factor authentication through MFA fatigue (repeated push prompts until a user approves one), according to the advisory. "As organizations continue to modernize their systems and move to cloud-based infrastructure, the SVR has adapted to these changes in the operating environment," said the advisory.
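As an added illustration that is not part of the article or the advisory, the following Python sketch shows how a defender might surface two of the behaviours described above, successful sign-ins to long-dormant accounts and bursts of MFA push prompts, over constructed sample sign-in records; the user names, timestamps, the record layout and the directory "last activity" source are all assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in events (not real telemetry): (timestamp, user, event, result).
# event is "signin" or "mfa_prompt"; result is "success", "approved" or "denied".
EVENTS = [
    ("2024-02-26T08:00:00", "alice", "signin", "success"),
    ("2024-02-26T08:00:05", "alice", "mfa_prompt", "approved"),
    ("2024-02-26T22:10:00", "bob", "signin", "success"),      # bob has been idle for months
    ("2024-02-26T23:00:00", "carol", "mfa_prompt", "denied"),
    ("2024-02-26T23:01:00", "carol", "mfa_prompt", "denied"),
    ("2024-02-26T23:02:00", "carol", "mfa_prompt", "denied"),
    ("2024-02-26T23:03:00", "carol", "mfa_prompt", "denied"),
    ("2024-02-26T23:04:00", "carol", "mfa_prompt", "denied"),
    ("2024-02-26T23:05:00", "carol", "mfa_prompt", "approved"),  # user finally gives in
]

# Constructed "last activity" dates, as an HR or identity-provider export would supply (assumed source).
LAST_ACTIVITY = {"alice": "2024-02-25", "bob": "2023-09-01", "carol": "2024-02-24"}


def parse(ts):
    return datetime.fromisoformat(ts)


def dormant_account_logins(events=EVENTS, last_activity=LAST_ACTIVITY, dormant_days=90):
    """Return users with a successful sign-in after at least dormant_days of inactivity."""
    hits = []
    for ts, user, event, result in events:
        if event != "signin" or result != "success":
            continue
        last = parse(last_activity.get(user, "1970-01-01"))  # unknown users count as dormant
        if parse(ts) - last >= timedelta(days=dormant_days):
            hits.append(user)
    return hits


def mfa_fatigue_bursts(events=EVENTS, window=timedelta(minutes=10), threshold=5):
    """Return {user: prompt_count} for users who received >= threshold MFA prompts in a sliding window."""
    prompts = defaultdict(list)
    for ts, user, event, _ in events:
        if event == "mfa_prompt":
            prompts[user].append(parse(ts))
    flagged = {}
    for user, times in prompts.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:  # shrink window from the left
                start += 1
            if end - start + 1 >= threshold:
                flagged[user] = max(flagged.get(user, 0), end - start + 1)
    return flagged
```

In a real deployment the dormant-account check belongs on the identity provider's sign-in logs joined with the HR leaver list, and the MFA burst count should trigger a review regardless of whether the final prompt was approved.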
