Microsoft reports a surge in attacks aimed at stealing credentials – according to researchers, the Russian-speaking hacker group Midnight Blizzard (aka APT29, Nobelium, Cozy Bear, Iron Hemlock and The Dukes) is behind these attacks.
Among the hackers' targets are government organizations, IT service providers, NGOs, and the defense and critical manufacturing sectors.
Recall that we have already reported that the hacker group Cozy Bear attacked the National Committee of the US Republican Party, and even earlier it was reported that Cozy Bear tried to steal COVID-19 research data. Although who still remembers the pandemic?
Information security resources have also reported Microsoft as saying that since 2021 the Nobelium group has compromised at least 14 IT companies.
The researchers add that the hackers are also “carrying out session replay attacks to gain initial access to cloud resources using hijacked sessions that are likely to have been acquired illegally.”
In addition, the company warns that APT29 routes its malicious traffic through residential proxies so that connections made with compromised credentials look like ordinary home-user traffic.
The company also describes how the hackers make their attacks harder to detect.
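The two techniques named above, a stolen session token replayed from a different network and that network being a residential proxy, leave a recognisable trace in sign-in logs: one session identifier presented from two unrelated ASNs within a short time. The following is an added example written for this article, not Microsoft's detection logic or anything from the original report; the sign-in records, ASN labels and the one-hour window are constructed assumptions.

```python
"""Flag likely session-token replay in constructed cloud sign-in records.

Heuristic (an assumption for this example, not a vendor rule): a single
session identifier that is presented from two or more different networks
(ASNs) within a short window was most likely copied from one device and
replayed from another, for example through a residential proxy.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in events: (timestamp, user, session_id, source_ip, asn).
# IPs are from documentation ranges; ASN names are placeholders for the pattern.
SIGNIN_EVENTS = [
    ("2023-06-21T09:00:00", "alice", "sess-A1", "203.0.113.10", "Corp-Office-AS"),
    ("2023-06-21T09:12:00", "alice", "sess-A1", "203.0.113.10", "Corp-Office-AS"),
    # Same session id three minutes later from a residential ISP: suspicious.
    ("2023-06-21T09:15:00", "alice", "sess-A1", "198.51.100.77", "Residential-ISP-AS"),
    ("2023-06-21T10:00:00", "bob", "sess-B9", "192.0.2.5", "Corp-Office-AS"),
    ("2023-06-21T10:30:00", "bob", "sess-B9", "192.0.2.5", "Corp-Office-AS"),
    # Carol changes network a day later: plausible travel, outside the window.
    ("2023-06-21T12:00:00", "carol", "sess-C3", "192.0.2.40", "Corp-Office-AS"),
    ("2023-06-22T12:00:00", "carol", "sess-C3", "198.51.100.9", "Residential-ISP-AS"),
]


def find_replayed_sessions(events, window_hours=1.0):
    """Return {session_id: sorted [(user, ip, asn), ...]} for every session
    whose consecutive events come from different ASNs within `window_hours`.

    Sorting by time and comparing neighbours keeps the check linear per
    session and makes the time gap between the two networks explicit.
    """
    window = timedelta(hours=window_hours)
    by_session = defaultdict(list)
    for ts, user, sid, ip, asn in events:
        by_session[sid].append((datetime.fromisoformat(ts), user, ip, asn))

    flagged = {}
    for sid, rows in by_session.items():
        rows.sort()  # chronological order; tuples sort by timestamp first
        for prev, cur in zip(rows, rows[1:]):
            asn_changed = cur[3] != prev[3]
            if asn_changed and (cur[0] - prev[0]) <= window:
                # Report every (user, ip, asn) seen for the session, deduplicated.
                flagged[sid] = sorted({(r[1], r[2], r[3]) for r in rows})
                break
    return flagged


if __name__ == "__main__":
    for sid, where in find_replayed_sessions(SIGNIN_EVENTS).items():
        print(f"{sid}: same session presented from multiple networks -> {where}")
```

The window is the main tuning knob: too long and legitimate roaming users (Carol above) are flagged, too short and a patient replay slips through, so in practice the ASN change would be one signal combined with others such as device identity or impossible-travel distance.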
According to company representatives, Microsoft Defender Antivirus, Defender for Endpoint, Defender for Cloud Apps, and Azure Active Directory can detect these attacks by the Russian hackers and protect against them.
Microsoft also says that, as usual with cyber threats from government hackers, the company notifies customers and companies that may be at risk.