Microsoft Warns of APT29's Global Rampage of Attacks

5 months, 3 weeks ago

Hold onto your digital hats, folks! Microsoft just dropped a cyber bombshell, revealing that those Russian state-sponsored troublemakers who messed with their systems back in November 2023 are on a hacking spree against other organizations. And guess what? Hewlett Packard Enterprise spilled the beans that they got hit too by this A-list hacking crew known as APT29, or BlueBravo, Cloaked Ursa, Cozy Bear, Midnight Blizzard (formerly Nobelium), and The Dukes.

Now, according to the Microsoft Threat Intelligence team, these cyber villains are all about targeting governments, diplomats, NGOs, and IT service providers, mainly in the U.S. and Europe. Their game plan? Stealthy espionage to snatch up juicy information that's like catnip to Russia. They're like the secret agents of the cyber world, chilling for extended periods without anyone noticing.

Hold your gigabytes, there's more! Microsoft spilled the beans that this cyber circus might be bigger than we thought, but they're playing it close to the servers and didn't drop names.

So, how do these APT29 maestros operate? They dance around with legit but hijacked accounts to sneak into their target's world, avoiding the cyber paparazzi. They're also into the whole OAuth application abuse scene, doing cloud acrobatics to snoop around.

But here's the twist – they use breached user accounts to create these shady OAuth applications, granting them high-level permissions. It's like giving the keys to the kingdom to the bad guys. These apps then cozy up to Microsoft Exchange Online, targeting corporate email accounts for a data snatch.

In the November 2023 Microsoft heist, APT29 used a password spray attack to wiggle into a non-production test tenant account that had no multi-factor authentication. Sneaky, right? And get this: they pull off these shenanigans through residential proxy networks, hiding in plain sight among a huge number of IP addresses.

Now, here's the bottom line – this Midnight Blizzard crew is playing hide-and-seek with their connections, making traditional detection like finding a needle in a cyber haystack. Microsoft's shouting out for organizations to step up their game against rogue OAuth apps and password spraying. So, fellow netizens, stay vigilant out there! 🕵️‍♂️💻 
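Since the post ends on the two defensive asks, rogue OAuth apps and password spraying, here is an added example of what "stepping up your game" can look like in detection logic. This is not Microsoft's code or anything from the original post; the sign-in events, app registrations, permission names used as the "mailbox-wide" set, and the spray thresholds are all constructed or illustrative assumptions for a hypothetical log format. It flags the low-and-slow spray shape (many accounts, few failures each, many source IPs, which is exactly why per-IP blocking fails against residential proxies), links any success inside a flagged window to a likely compromised account, and then ranks OAuth app registrations by mailbox-wide permissions, escalating any app created by one of those accounts.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample sign-in events: (timestamp, user, source_ip, result).
# The format is hypothetical; real tenant sign-in logs carry many more fields.
SIGN_INS = [
    ("2023-11-20T01:02:00", "alice@corp.example", "203.0.113.10", "failure"),
    ("2023-11-20T01:05:00", "bob@corp.example", "198.51.100.7", "failure"),
    ("2023-11-20T01:09:00", "carol@corp.example", "192.0.2.44", "failure"),
    ("2023-11-20T01:14:00", "dave@corp.example", "203.0.113.77", "failure"),
    ("2023-11-20T01:21:00", "eve@corp.example", "198.51.100.91", "failure"),
    ("2023-11-20T01:33:00", "test-svc@corp.example", "192.0.2.120", "failure"),
    ("2023-11-20T01:41:00", "test-svc@corp.example", "203.0.113.200", "success"),
    # Benign noise in another hour: one user mistyping their own password.
    ("2023-11-20T09:00:00", "alice@corp.example", "10.0.0.5", "failure"),
    ("2023-11-20T09:00:30", "alice@corp.example", "10.0.0.5", "failure"),
    ("2023-11-20T09:01:00", "alice@corp.example", "10.0.0.5", "success"),
]

# Constructed app registrations: (app_name, created_by, granted_permissions).
APPS = [
    ("HR Sync", "admin@corp.example", {"User.Read"}),
    ("Mail Archiver", "test-svc@corp.example", {"full_access_as_app", "Mail.ReadWrite"}),
    ("Calendar Widget", "bob@corp.example", {"Calendars.Read"}),
]

# Illustrative set of permissions that expose whole mailboxes (assumption).
MAILBOX_WIDE = {"full_access_as_app", "Mail.ReadWrite", "Mail.Read", "Mail.Send"}


def hour_bucket(ts):
    """Collapse a timestamp to its hour so events can be grouped per window."""
    return datetime.fromisoformat(ts).strftime("%Y-%m-%dT%H")


def detect_spray(events, min_users=5, max_per_user=2, min_ips=3):
    """Flag hour windows where many distinct accounts each fail only a few
    times from many different source IPs: the low-and-slow spray shape.
    Thresholds are illustrative and should be tuned per tenant."""
    fails = defaultdict(lambda: defaultdict(int))  # window -> user -> failures
    ips = defaultdict(set)                          # window -> source IPs
    for ts, user, ip, result in events:
        if result == "failure":
            window = hour_bucket(ts)
            fails[window][user] += 1
            ips[window].add(ip)
    flagged = []
    for window, per_user in fails.items():
        if (len(per_user) >= min_users
                and max(per_user.values()) <= max_per_user
                and len(ips[window]) >= min_ips):
            flagged.append((window, sorted(per_user)))
    return flagged


def successes_after_spray(events, flagged):
    """Accounts that logged in successfully inside a flagged window after
    failing in it: the strongest lead for a compromised account."""
    sprayed = {window: set(users) for window, users in flagged}
    hits = []
    for ts, user, ip, result in events:
        if result == "success" and user in sprayed.get(hour_bucket(ts), ()):
            hits.append((user, ip, ts))
    return hits


def audit_oauth_apps(apps, suspect_users):
    """Rank app registrations: mailbox-wide permissions are high risk, and the
    same app created by an account tied to a spray success is critical."""
    findings = []
    for name, creator, perms in apps:
        risky = perms & MAILBOX_WIDE
        if not risky:
            continue
        severity = "critical" if creator in suspect_users else "high"
        findings.append((name, creator, sorted(risky), severity))
    return findings


def run(events=SIGN_INS, apps=APPS):
    """Chain the three checks and return one report dictionary."""
    flagged = detect_spray(events)
    hits = successes_after_spray(events, flagged)
    suspects = {user for user, _, _ in hits}
    return {"spray_windows": flagged,
            "spray_successes": hits,
            "oauth_findings": audit_oauth_apps(apps, suspects)}


if __name__ == "__main__":
    for key, value in run().items():
        print(key, value)
```

On the constructed data the 01:00 hour is flagged (six accounts, one failure each, six IPs), the 09:00 hour is not (one account, one IP), the test-svc success inside the flagged window becomes the suspect, and "Mail Archiver" is reported as critical because that suspect created it with mailbox-wide permissions. The design point is that none of the checks key on a single IP address; they key on the shape of the activity, which is what survives a residential proxy pool.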
