Amazon has disrupted an opportunistic watering hole campaign by APT29, a Russia-linked threat group, involving compromised websites redirecting visitors to malicious domains. The campaign aims to steal Microsoft account credentials through sophisticated evasion techniques and social engineering. #APT29 #WateringHole #MicrosoftCredentialTheft
Key points
- APT29, also known as Cozy Bear, is a Russian state-sponsored hacking group conducting targeted cyber operations.
- The campaign involved injecting JavaScript into legitimate websites to redirect visitors to malicious domains mimicking Cloudflare pages.
- The attackers used device code phishing and cookie-based evasion techniques to harvest credentials and gather intelligence.
- Amazon's threat intelligence team successfully disrupted the campaign despite the threat actor moving to other cloud providers.
- The activity demonstrates APT29's evolving tactics to broaden their intelligence collection and scale their operations.
Read More: https://thehackernews.com/2025/08/amazon-disrupts-apt29-watering-hole.html