Russian Cyberspies Targeting Cloud Infrastructure via Dormant Accounts


Jasper_The_Rasper
Moderator

US government and allies expose TTPs used by notorious Russian hacking teams and warn of the targeting of dormant cloud accounts.

 

February 26, 2024 By Ionut Arghire

 

Microsoft Hit by Nation State Actor Midnight Blizzard

As organizations are moving to cloud-based infrastructure, Russian cyberespionage threat actors are adapting and have switched to targeting cloud services, according to a fresh warning from government agencies in the Five Eyes countries.

Cybersecurity and law enforcement agencies in the US, Canada, UK, Australia and New Zealand issued a joint alert calling urgent attention to recent tactics, techniques, and procedures (TTPs) associated with APT29/Cozy Bear/Midnight Blizzard, a notorious hacking group linked to Russia’s intelligence services (SVR).

Instead of exploiting software vulnerabilities to hack on-premises infrastructure, SVR actors have been observed launching brute-force and password spraying attacks to compromise service accounts, as well as targeting the dormant accounts of former employees to access the target organization’s environment.

 

>> Full Article <<
