Recherche : [APT29] - Cyberveille

Germany suspects Russian cyber attack on research group https://www.dw.com/en/germany-suspects-russian-cyber-attack-on-research-group/a-72175406

11/04/2025 10:21:47

German intelligence services have said they are investigating a suspected Russian cyberattack against a Berlin-based research network.

APT29 Hackers Target High-Value Victims Using Rogue RDP Servers and PyRDP https://thehackernews.com/2024/12/apt29-hackers-target-high-value-victims.html

22/12/2024 20:43:52

The Russia-linked APT29 threat actor has been observed repurposing a legitimate red teaming attack methodology as part of cyber attacks leveraging malicious Remote Desktop Protocol (RDP) configuration files.

The activity, which has targeted governments and armed forces, think tanks, academic researchers, and Ukrainian entities, entails adopting a "rogue RDP" technique that was previously documented by Black Hills Information Security in 2022, Trend Micro said in a report.

Amazon identified internet domains abused by APT29 https://aws.amazon.com/fr/blogs/security/amazon-identified-internet-domains-abused-by-apt29/

31/10/2024 08:55:15

APT29 aka Midnight Blizzard recently attempted to phish thousands of people. Building on work by CERT-UA, Amazon recently identified internet domains abused by APT29, a group widely attributed to Russia’s Foreign Intelligence Service (SVR). In this instance, their targets were associated with government agencies, enterprises, and militaries, and the phishing campaign was apparently aimed at […]

Midnight Blizzard conducts large-scale spear-phishing campaign using RDP files https://www.microsoft.com/en-us/security/blog/2024/10/29/midnight-blizzard-conducts-large-scale-spear-phishing-campaign-using-rdp-files/

31/10/2024 08:54:19

Since October 22, 2024, Microsoft Threat Intelligence has observed Russian threat actor Midnight Blizzard sending a series of highly targeted spear-phishing emails to individuals in government, academia, defense, non-governmental organizations, and other sectors. This activity is ongoing, and Microsoft will continue to investigate and provide updates as available. Based on our investigation of previous Midnight […]

State-backed attackers and commercial surveillance vendors repeatedly use the same exploits https://blog.google/threat-analysis-group/state-backed-attackers-and-commercial-surveillance-vendors-repeatedly-use-the-same-exploits/

29/08/2024 16:50:41

We’re sharing an update on suspected state-backed attacker APT29 and the use of exploits identical to those used by Intellexa and NSO.

TeamViewer: Hackers copied employee directory data and encrypted passwords https://therecord.media/teamviewer-cyberattack-employee-directory-encrypted-passwords

02/07/2024 16:44:27

TeamViewer says that a recently discovered breach appears to be limited to its internal corporate IT network. The software company has attributed it to a hacking operation associated with Russian intelligence.

APT29 Uses WINELOADER to Target German Political Parties | Mandiant https://www.mandiant.com/resources/blog/apt29-wineloader-german-political-parties

25/03/2024 09:14:30

APT29 used a new backdoor variant publicly tracked as WINELOADER to target German political parties.

Microsoft Actions Following Attack by Nation State Actor Midnight Blizzard https://msrc.microsoft.com/blog/2024/01/microsoft-actions-following-attack-by-nation-state-actor-midnight-blizzard/

21/01/2024 00:24:48

Microsoft Actions Following Attack by Nation State Actor Midnight Blizzard

Microsoft network breached through password-spraying by Russian-state hackers https://arstechnica.com/security/2024/01/microsoft-network-breached-through-password-spraying-by-russian-state-hackers/

20/01/2024 10:03:08

Senior execs' emails accessed in network breach that wasn't caught for 2 months.

Microsoft's Top Execs' Emails Breached in Sophisticated Russia-Linked APT Attack https://thehackernews.com/2024/01/microsofts-top-execs-emails-breached-in.html

20/01/2024 09:54:39

Microsoft on Friday revealed that it was the target of a nation-state attack on its corporate systems that resulted in the theft of emails and attachments from senior executives and other individuals in the company's cybersecurity and legal departments.

The Windows maker attributed the attack to a Russian advanced persistent threat (APT) group it tracks as Midnight Blizzard (formerly Nobelium), which is also known as APT29, BlueBravo, Cloaked Ursa, Cozy Bear, and The Dukes.

Russia-backed hackers used Microsoft Teams to breach government agencies | TechCrunch https://techcrunch.com/2023/08/03/russia-hackers-microsoft-teams-government/

03/08/2023 15:16:48

Russian state-sponsored hackers posed as technical support staff on Microsoft Teams to compromise dozens of global organizations, including government agencies.

MagicWeb: NOBELIUM’s post-compromise trick to authenticate as anyone https://www.microsoft.com/security/blog/2022/08/24/magicweb-nobeliums-post-compromise-trick-to-authenticate-as-anyone/

24/08/2022 19:56:03

Microsoft security researchers have discovered a post-compromise capability we’re calling MagicWeb, which is used by a threat actor we track as NOBELIUM to maintain persistent access to compromised environments.

Il malware EnvyScout (APT29) è stato veicolato anche in Italia https://cert-agid.gov.it/news/il-malware-envyscout-apt29-e-stato-veicolato-anche-in-italia/

09/07/2022 07:00:14

Il malware EnvyScout (APT29) è stato veicolato anche in Italia

Liens par page

Filtres