Amazon has disrupted a Russian state-sponsored cyberespionage campaign targeting Microsoft users through compromised websites that redirect visitors to malicious domains. The attack, attributed to the APT29 group (also known as Cozy Bear), involved credential harvesting and intelligence gathering efforts. #MidnightBlizzard #APT29 #RussianForeignIntelligenceService
Key points
- The campaign involved compromising legitimate websites to inject malicious JavaScript code.
- Victims were redirected to domains mimicking Cloudflare for credential theft via Microsoft's device authentication flow.
- A small percentage of visitors (around 10%) were targeted with redirection through randomized methods.
- The attackers quickly reestablished new infrastructure after being blocked, including new domains and hosting providers.
- AWS confirmed no compromise of their systems and observed no impact on AWS infrastructure.
Read More: https://www.securityweek.com/amazon-disrupts-russian-hacking-campaign-targeting-microsoft-users/