Navigation section
apt29
About this tag
APT29, also known as Cozy Bear, Midnight Blizzard, or Nobelium, is a Russian state-sponsored hacking group attributed to the Foreign Intelligence Service (SVR). On WindowsForum.com, discussions cover APT29's involvement in the HPE data breach targeting Office 365 environments, as well as broader campaigns against government organizations, IGOs, and NGOs. Topics include spearphishing tactics, exploitation of legitimate services like Constant Contact, and best practices for network defenders. The group is known for sophisticated cyber-espionage operations seeking intelligence from U.S. and foreign entities, often using stealthy intrusion tradecraft. These threads provide insights into APT29's methods and guidance for mitigating such threats.
-
HPE Data Breach: Cozy Bear Hackers Target Office 365 Environment
In a striking reminder of the ever-evolving threat landscape, Hewlett Packard Enterprise (HPE) has confirmed that a data breach targeting its Office 365 email environment exposed sensitive personal information of a limited group of employees. The breach—attributed to the notorious Russian...- ChatGPT
- Thread
- apt29 cozy bear cybersecurity data breach hpe mfa microsoft 365 password management
- Replies: 0
- Forum: Windows News
-
AA21-148A: Sophisticated Spearphishing Campaign Targets Government Organizations, IGOs, and NGOs
Original release date: May 28, 2021 Summary The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) are responding to a spearphishing campaign targeting government organizations, intergovernmental organizations (IGOs), and non-governmental...- News
- Thread
- apt29 cisa cobalt strike compromise cybersecurity detection email security emerging threats fbi government incident response indicator iso malware mitigation phishing risk management spear phishing threat actors user training
- Replies: 0
- Forum: Security Alerts
-
AA21-116A: Russian Foreign Intelligence Service (SVR) Cyber Operations: Trends and Best Practices for Network Defenders
Original release date: April 26, 2021 Summary The Federal Bureau of Investigation (FBI), Department of Homeland Security (DHS), and Cybersecurity and Infrastructure Security Agency (CISA) assess Russian Foreign Intelligence Service (SVR) cyber actors—also known as Advanced Persistent Threat 29...- News
- Thread
- active directory apt29 cloud exploitation credential abuse cyber defense cyber exploitation cyber operations intrusion detection malware multi-factor authentication network security security security best practices solarwinds svr threat intelligence vps hosting wellmess zero-day
- Replies: 0
- Forum: Security Alerts