Amazon disrupted a watering hole attack linked to APT29, a Russian hacking group, that targeted Microsoft’s authentication process. The campaign involved compromised legitimate websites that injected malicious JavaScript, with only a small percentage of visitors redirected to Russian-controlled domains.
Key points
- Amazon’s threat team identified and disrupted a watering hole campaign linked to APT29 in August 2024.
- The hackers compromised legitimate websites and injected malicious JavaScript to harvest credentials.
- Approximately 10% of visitors were redirected to malicious domains, including findcloudflare[.]com.
- Amazon coordinated with Cloudflare and Microsoft to take down affected domains and mitigate the attack.
- APT29 has a history of high-profile cyber operations, including the SolarWinds hack and breaches of Microsoft accounts.
Read More: https://therecord.media/amazon-shuts-down-apt29-watering-hole-attack