#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News

APT29 | Breaking Cybersecurity News | The Hacker News

Category — APT29
Russian Hackers Exploit Safari and Chrome Flaws in High-Profile Cyberattack

Russian Hackers Exploit Safari and Chrome Flaws in High-Profile Cyberattack

Aug 29, 2024 Browser Security / Vulnerability
Cybersecurity researchers have flagged multiple in-the-wild exploit campaigns that leveraged now-patched flaws in Apple Safari and Google Chrome browsers to infect mobile users with information-stealing malware. "These campaigns delivered n-day exploits for which patches were available, but would still be effective against unpatched devices," Google Threat Analysis Group (TAG) researcher Clement Lecigne said in a report shared with The Hacker News. The activity, observed between November 2023 and July 2024, is notable for delivering the exploits by means of a watering hole attack on Mongolian government websites, cabinet.gov[.]mn and mfa.gov[.]mn. A watering hole attack, also called a strategic website compromise attack, is a form of cyber attack that targets groups of users or those within a particular industry by compromising websites that they commonly visit in order to serve them with malware and gain access to their systems. The intrusion set has been attributed wi...
Microsoft Confirms Russian Hackers Stole Source Code, Some Customer Secrets

Microsoft Confirms Russian Hackers Stole Source Code, Some Customer Secrets

Mar 09, 2024 Cyber Attack / Threat Intelligence
Microsoft on Friday revealed that the Kremlin-backed threat actor known as  Midnight Blizzard  (aka APT29 or Cozy Bear) managed to gain access to some of its source code repositories and internal systems following a  hack that came to light  in January 2024. "In recent weeks, we have seen evidence that Midnight Blizzard is using information initially exfiltrated from our corporate email systems to gain, or attempt to gain, unauthorized access," the tech giant  said . "This has included access to some of the company's source code repositories and internal systems. To date we have found no evidence that Microsoft-hosted customer-facing systems have been compromised." Redmond, which is continuing to investigate the extent of the breach, said the Russian state-sponsored threat actor is attempting to leverage the different types of secrets it found, including those that were shared between customers and Microsoft in email. It, however, did not disclose what the...
Want to Grow Vulnerability Management into Exposure Management? Start Here!

Want to Grow Vulnerability Management into Exposure Management? Start Here!

Dec 05, 2024Attack Surface / Exposure Management
Vulnerability Management (VM) has long been a cornerstone of organizational cybersecurity. Nearly as old as the discipline of cybersecurity itself, it aims to help organizations identify and address potential security issues before they become serious problems. Yet, in recent years, the limitations of this approach have become increasingly evident.  At its core, Vulnerability Management processes remain essential for identifying and addressing weaknesses. But as time marches on and attack avenues evolve, this approach is beginning to show its age. In a recent report, How to Grow Vulnerability Management into Exposure Management (Gartner, How to Grow Vulnerability Management Into Exposure Management, 8 November 2024, Mitchell Schneider Et Al.), we believe Gartner® addresses this point precisely and demonstrates how organizations can – and must – shift from a vulnerability-centric strategy to a broader Exposure Management (EM) framework. We feel it's more than a worthwhile read an...
Five Eyes Agencies Expose APT29's Evolving Cloud Attack Tactics

Five Eyes Agencies Expose APT29's Evolving Cloud Attack Tactics

Feb 27, 2024 Cloud Security / Threat Intelligence
Cybersecurity and intelligence agencies from the Five Eyes nations have released a joint advisory detailing the evolving tactics of the Russian state-sponsored threat actor known as  APT29 . The hacking outfit, also known as BlueBravo, Cloaked Ursa, Cozy Bear, Midnight Blizzard (formerly Nobelium), and The Dukes, is assessed to be affiliated with the Foreign Intelligence Service (SVR) of the Russian Federation. Previously attributed to the  supply chain compromise  of SolarWinds software, the cyber espionage group  attracted attention  in recent months for targeting Microsoft, Hewlett Packard Enterprise (HPE), and other organizations with an aim to further their strategic objectives. "As organizations continue to modernize their systems and move to cloud-based infrastructure, the SVR has adapted to these changes in the operating environment," according to the  security bulletin . These include - Obtaining access to cloud infrastructure via service a...
cyber security

Breaking Barriers: Strategies to Unite AppSec and R&D for Success

websiteBackslashApplication Security
Tackle common challenges to make security and innovation work seamlessly.
Microsoft Warns of Widening APT29 Espionage Attacks Targeting Global Orgs

Microsoft Warns of Widening APT29 Espionage Attacks Targeting Global Orgs

Jan 26, 2024 Threat Intelligence / Cyber Attack
Microsoft on Thursday said the Russian state-sponsored threat actors responsible for a  cyber attack on its systems  in late November 2023 have been targeting other organizations and that it's currently beginning to notify them. The development comes a day after Hewlett Packard Enterprise (HPE)  revealed  that it had been the victim of an attack perpetrated by a hacking crew tracked as  APT29 , which is also known as BlueBravo, Cloaked Ursa, Cozy Bear, Midnight Blizzard (formerly Nobelium), and The Dukes. "This threat actor is known to primarily target governments, diplomatic entities, non-governmental organizations (NGOs) and IT service providers, primarily in the U.S. and Europe," the Microsoft Threat Intelligence team  said  in a new advisory. The primary goal of these espionage missions is to gather sensitive information that is of strategic interest to Russia by maintaining footholds for extended periods of time without attracting any attenti...
Tech Giant HP Enterprise Hacked by Russian Hackers Linked to DNC Breach

Tech Giant HP Enterprise Hacked by Russian Hackers Linked to DNC Breach

Jan 25, 2024 Cyber Attack / Data Breach
Hackers with links to the Kremlin are suspected to have infiltrated information technology company Hewlett Packard Enterprise's (HPE) cloud email environment to exfiltrate mailbox data. "The threat actor accessed and exfiltrated data beginning in May 2023 from a small percentage of HPE mailboxes belonging to individuals in our cybersecurity, go-to-market, business segments, and other functions," the company  said  in a regulatory filing with the U.S. Securities and Exchange Commission (SEC). The intrusion has been attributed to the Russian state-sponsored group known as APT29, and which is also tracked under the monikers BlueBravo, Cloaked Ursa, Cozy Bear, Midnight Blizzard (formerly Nobelium), and The Dukes. The disclosure arrives days after Microsoft  implicated the same threat actor  to the breach of its corporate systems in late November 2023 to steal emails and attachments from senior executives and other individuals in the company's cybersecurity and legal ...
Microsoft's Top Execs' Emails Breached in Sophisticated Russia-Linked APT Attack

Microsoft's Top Execs' Emails Breached in Sophisticated Russia-Linked APT Attack

Jan 20, 2024 Cyber Espionage / Emails Security
Microsoft on Friday revealed that it was the target of a nation-state attack on its corporate systems that resulted in the theft of emails and attachments from senior executives and other individuals in the company's cybersecurity and legal departments. The Windows maker attributed the attack to a Russian advanced persistent threat (APT) group it tracks as  Midnight Blizzard  (formerly Nobelium), which is also known as APT29, BlueBravo, Cloaked Ursa, Cozy Bear, and The Dukes. It further said that it immediately took steps to investigate, disrupt, and mitigate the malicious activity upon discovery on January 12, 2024. The campaign is estimated to have commenced in late November 2023. "The threat actor used a  password spray attack  to compromise a legacy non-production test tenant account and gain a foothold, and then used the account's permissions to access a very small percentage of Microsoft corporate email accounts, including members of our senior leadership ...
Microsoft Uncovers New Post-Compromise Malware Used by Nobelium Hackers

Microsoft Uncovers New Post-Compromise Malware Used by Nobelium Hackers

Aug 25, 2022
The threat actor behind the SolarWinds supply chain attack has been linked to yet another "highly targeted" post-exploitation malware that could be used to maintain persistent access to compromised environments. Dubbed  MagicWeb  by Microsoft's threat intelligence teams, the development reiterates Nobelium's commitment to developing and maintaining purpose-built capabilities. Nobelium is the tech giant's moniker for a cluster of activities that came to light with the  sophisticated attack targeting SolarWinds  in December 2020, and which overlaps with the Russian nation-state hacking group widely known as  APT29 , Cozy Bear, or The Dukes. "Nobelium remains highly active, executing multiple campaigns in parallel targeting government organizations, non-governmental organizations (NGOs), intergovernmental organizations (IGOs), and think tanks across the US, Europe, and Central Asia," Microsoft  said . MagicWeb, which shares similarities with another t...
Expert Insights / Articles Videos
Cybersecurity Resources