Microsoft Warns of New Attacks by Russian Hackers from the Midnight Blizzard Group

Midnight Blizzard group
Microsoft reports a surge in attacks aimed at stealing credentials – according to researchers, the Russian-speaking hacker group Midnight Blizzard (aka APT29, Nobelium, Cozy Bear, Iron Hemlock and The Dukes) is behind these attacks.

Among the targets of hackers: government organizations, IT service providers, NGOs, defense and critical manufacturing sectors.

Recall that we already reported that the hacker group Cozy Bear attacked the National Committee of the US Republican Party, and even earlier that Cozy Bear tried to steal COVID-19 research data. Although who still remembers the pandemic?

Information security outlets have also reported that, according to Microsoft, the Nobelium group has hacked at least 14 IT companies since 2021.

“Current credential attacks use various methods of password spraying, brute force, and token theft,” Microsoft says.

The researchers add that hackers are also “carrying out session replay attacks to gain initial access to cloud resources using hijacked sessions that are likely to have been acquired illegally.”

In addition, the company warns that APT29 uses residential proxies in its attacks to route malicious traffic in order to mask connections made using compromised credentials.

The company also talks about how hackers complicate the detection of attacks.

“The use of low-reputation IP addresses like those from residential proxy services helps obfuscate threat actor connections using compromised credentials. The threat actor likely used these IP addresses for very short periods, which could make scoping and remediation challenging,” Microsoft experts say.
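The two patterns described above (spraying many accounts from one source, and sources that appear only briefly) can both be surfaced from sign-in logs. The following is an added example, not code from Microsoft or from the article; the sign-in events and IP addresses are constructed, and the thresholds are illustrative assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample sign-in events: (timestamp, source IP, user, outcome).
SIGNIN_EVENTS = [
    ("2023-06-01T10:00:05", "203.0.113.10", "alice", "failure"),
    ("2023-06-01T10:00:09", "203.0.113.10", "bob", "failure"),
    ("2023-06-01T10:00:14", "203.0.113.10", "carol", "failure"),
    ("2023-06-01T10:00:20", "203.0.113.10", "dave", "failure"),
    ("2023-06-01T10:00:27", "203.0.113.10", "erin", "success"),
    ("2023-06-01T10:03:00", "203.0.113.77", "frank", "failure"),
    ("2023-06-01T10:03:08", "203.0.113.77", "grace", "failure"),
    ("2023-06-01T10:03:15", "203.0.113.77", "heidi", "failure"),
    ("2023-06-01T10:03:21", "203.0.113.77", "erin", "success"),
    ("2023-06-01T09:00:00", "198.51.100.5", "alice", "success"),
    ("2023-06-01T17:30:00", "198.51.100.5", "alice", "success"),
]

def summarize_by_ip(events):
    """Per source IP: distinct users, failure count, first and last time seen."""
    stats = defaultdict(lambda: {"users": set(), "failures": 0, "first": None, "last": None})
    for ts, ip, user, outcome in events:
        t = datetime.fromisoformat(ts)
        s = stats[ip]
        s["users"].add(user)
        s["failures"] += outcome == "failure"
        s["first"] = t if s["first"] is None or t < s["first"] else s["first"]
        s["last"] = t if s["last"] is None or t > s["last"] else s["last"]
    return stats

def find_spray_sources(events, min_users=4, min_failures=3):
    """Password-spray signature: one IP touching many accounts, mostly failing."""
    return sorted(ip for ip, s in summarize_by_ip(events).items()
                  if len(s["users"]) >= min_users and s["failures"] >= min_failures)

def find_short_lived_ips(events, max_minutes=5, min_users=2):
    """IPs that touch several accounts but are seen only for a few minutes,
    the quick-rotation pattern Microsoft attributes to residential proxies."""
    return sorted(ip for ip, s in summarize_by_ip(events).items()
                  if len(s["users"]) >= min_users
                  and (s["last"] - s["first"]).total_seconds() <= max_minutes * 60)

def likely_compromised_accounts(events):
    """Accounts with a successful sign-in from a flagged spray source: the
    starting point for scoping and remediation (revoke sessions, reset)."""
    spray = set(find_spray_sources(events))
    return sorted({u for _, ip, u, out in events if ip in spray and out == "success"})
```

With real tenant logs the thresholds should be tuned per environment, since a single shared egress IP (a VPN or NAT) can legitimately show many distinct users.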

Microsoft Defender Antivirus, Defender for Endpoint, Defender for Cloud Apps, and Azure Active Directory can detect these attacks by Russian hackers and protect against them, according to company representatives.

Microsoft also says that, as is usual with threats from state-backed hackers, the company notifies customers and organizations that may be targeted or at risk.


About the author

Volodymyr Krasnogolovy

I'm a journalist, cybersecurity specialist, content manager, copywriter, and photojournalist. With a deep passion for cybersecurity and a diverse skill set, I'm excited to share my expertise through this blog. From researching the latest threats to crafting engaging narratives and capturing powerful visuals, I strive to provide valuable insights and raise awareness about the importance of cybersecurity.
