Russian hackers shift to cloud attacks, US and allies warn (February 2024)
Members of the Five Eyes intelligence alliance warned today that APT29 Russian Foreign Intelligence Service hackers are now switching to attacks targeting their victims' cloud services.
The Russian cyberspies also compromised Microsoft 365 accounts belonging to various entities within NATO nations to obtain foreign policy-related data, and targeted governments, embassies, and senior officials throughout Europe in a string of phishing attacks.
Today, a joint advisory issued by the U.K.'s National Cyber Security Centre, the NSA, CISA, the FBI, and cybersecurity agencies from Australia, Canada, and New Zealand warned that the Russian threat group is gradually moving to attacks against cloud infrastructure.
As the Five Eyes agencies found, APT29 hackers are now gaining access to their targets' cloud environments using service account credentials compromised in brute-force or password-spraying attacks.
APT29's initial cloud breach vectors also include the use of stolen access tokens that enable them to hijack accounts without using credentials, compromised residential routers to proxy their malicious activity, MFA fatigue to bypass multi-factor authentication, and registering their own devices as new devices on the victims' cloud tenants.
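For defenders, three of the vectors named above (password spraying, MFA fatigue, and new device registration) leave recognizable patterns in sign-in logs. The following is an added example, not taken from the advisory or the original article; the event tuple layout, event names, thresholds, and sample records are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sign-in events, not real logs: (minute, source_ip, account, event).
EVENTS = [
    (0, "203.0.113.7", "svc-backup", "password_fail"),
    (1, "203.0.113.7", "svc-build", "password_fail"),
    (2, "203.0.113.7", "svc-sync", "password_fail"),
    (3, "203.0.113.7", "svc-report", "password_fail"),
    (5, "198.51.100.20", "alice", "password_fail"),
    (10, "192.0.2.44", "bob", "mfa_denied"),
    (11, "192.0.2.44", "bob", "mfa_denied"),
    (12, "192.0.2.44", "bob", "mfa_denied"),
    (13, "192.0.2.44", "bob", "mfa_approved"),
    (15, "192.0.2.44", "bob", "device_registered"),
    (40, "198.51.100.20", "alice", "mfa_approved"),
]

def spray_sources(events, min_accounts=4, window=30):
    """Source IPs with failed passwords on many distinct accounts in a window."""
    fails = defaultdict(list)
    for minute, ip, account, event in events:
        if event == "password_fail":
            fails[ip].append((minute, account))
    flagged = {}
    for ip, rows in fails.items():
        for start, _ in sorted(rows):
            accounts = {a for m, a in rows if start <= m < start + window}
            if len(accounts) >= min_accounts:
                flagged[ip] = sorted(accounts)
                break
    return flagged

def mfa_fatigue(events, min_denied=3, window=10):
    """Accounts where an approval follows a burst of denied MFA prompts."""
    denied, hits = defaultdict(list), {}
    for minute, ip, account, event in sorted(events):
        if event == "mfa_denied":
            denied[account].append(minute)
        elif event == "mfa_approved":
            burst = [m for m in denied[account] if minute - window <= m < minute]
            if len(burst) >= min_denied:
                hits[account] = minute
    return hits

def devices_after_fatigue(events, window=60):
    """Device registrations shortly after a suspicious MFA approval."""
    hits = mfa_fatigue(events)
    return [(m, a) for m, _, a, e in events if e == "device_registered"
            and a in hits and 0 <= m - hits[a] <= window]
```

A single failed login (alice) and an unprompted approval are not flagged; only the many-accounts-per-source pattern and the denied-burst-then-approval pattern are.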