Cloud Security, Identity

New APT29 attacks set sights on cloud services

Cyberespionage operations by Russian threat operation APT29, also known as Cozy Bear, The Dukes, and Midnight Blizzard, were noted by the Five Eyes intelligence alliance to be pivoting toward intrusions against cloud infrastructure, according to BleepingComputer.

Cloud environments are being compromised by APT29 not only through previously breached access service account credentials but also via old employee accounts that were not disconnected by organizations, said the joint advisory from the FBI, Cybersecurity and Infrastructure Security Agency, National Security Agency, and the UK's National Cyber Security Centre, as well as cybersecurity agencies in Canada, Australia, and New Zealand. Aside from leveraging exfiltrated access tokens to enable account hijacking, APT29 has also been concealing malicious activity via breached routers and evading multi-factor authentication through MFA fatigue, according to the advisory. "As organizations continue to modernize their systems and move to cloud-based infrastructure, the SVR has adapted to these changes in the operating environment," said the advisory.

Related

LockBit-leaked DC city agency data from third party

Washington, D.C.'s Department of Insurance, Securities and Banking has disclosed that 800GB of data claimed to have been stolen by the LockBit ransomware operation was obtained from an attack against third-party software provider Tyler Technologies following the ransomware gang's threats to expose 1GB of the exfiltrated data to coerce the agency into providing the demanded ransom, reports The Record, a news site by cybersecurity firm Recorded Future.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.