corteximplant.com is one of the many independent Mastodon servers you can use to participate in the fediverse.

#apt29


Russian State Actors: Development in Group Attributions

This analysis explores the evolution of Russian state-backed cyber actors and their operations. It highlights the activities of several prominent groups, including UNC2589, APT44 (Sandworm), APT29, and APT28. These actors, associated with various Russian intelligence agencies, have been involved in global espionage, sabotage, and influence operations. The report details their targets, which include government organizations, critical infrastructure, and diplomatic entities across multiple countries. It also describes the groups' adaptation to new security measures and their use of advanced techniques such as zero-day exploits, social engineering, and living off the land tactics. The analysis emphasizes the importance of understanding these actors' methods for improving global cybersecurity resilience.

Pulse ID: 67cc2ca27d4672d04ef4eb01
Pulse Link: otx.alienvault.com/pulse/67cc2
Pulse Author: AlienVault
Created: 2025-03-08 11:40:18

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

LevelBlue · Open Threat Exchange: Learn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.

Happy Friday everyone!

A Joint Advisory from the National Security Agency, Federal Bureau of Investigation (FBI), Cyber National Mission Force, and the National Cyber Security Centre provides updates on the Russian Federation's Foreign Intelligence Service, or #SVR.

According to the advisory, #APT29 (a.k.a. Midnight Blizzard, Cozy Bear, and the Dukes) has targeted the defense, technology, and finance sectors to collect foreign intelligence and enable future cyber operations. They aim to exploit software vulnerabilities for initial access and to escalate privileges. They also use spearphishing campaigns, password spraying, and abuse of supply chain and trusted relationships, as well as custom malware and living-off-the-land binaries (LOLBINs) across multiple techniques.

The report includes a list of #CVEs that APT29 has been observed exploiting, with the affected vendor and product and details describing each vulnerability, along with a section of mitigations your organization can take to improve its security posture.

If you are looking for behaviors attributed to APT29, look no further than the MITRE ATT&CK Matrix! This resource collects their historic #TTPs and behaviors, with references. So while you are hardening your environment, you can hunt for their activity as well! Enjoy and Happy Hunting!

Article Source:
Update on SVR Cyber Operations and Vulnerability Exploitation
ic3.gov/Media/News/2024/241010

Mitre source:
attack.mitre.org/groups/G0016/

Intel 471 (Cyborg Security, now part of Intel 471) #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday #huntoftheday #gethunting
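Password spraying is one of the initial-access techniques the advisory above lists, and it is a good first hunt because it has a distinctive shape in authentication logs: one source touches many accounts with one or two failures each, whereas a brute force hammers one account. The script below is an added example, not code from the post, the advisory, or MITRE; it runs two detection rules over a handful of constructed JSON-lines auth events (the field names `ts`, `src_ip`, `user`, `result` are assumed for the demo and do not correspond to any vendor's real schema) and reports a spray only when the per-account attempt count stays low, then checks whether the same source later succeeded against one of the sprayed accounts, which is the event worth escalating.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events for the demo (assumed JSON-lines schema, not real logs).
# 203.0.113.7: one failure each against six accounts, then a success on "frank" (spray).
# 198.51.100.5: eight failures against "admin" in 35 seconds (brute force, not a spray).
# 192.0.2.10: a single typo followed by a success (benign).
SAMPLE_LOG = """\
{"ts": "2024-10-10T08:00:01Z", "src_ip": "203.0.113.7", "user": "alice", "result": "failure"}
{"ts": "2024-10-10T08:00:40Z", "src_ip": "203.0.113.7", "user": "bob", "result": "failure"}
{"ts": "2024-10-10T08:01:20Z", "src_ip": "203.0.113.7", "user": "carol", "result": "failure"}
{"ts": "2024-10-10T08:02:05Z", "src_ip": "203.0.113.7", "user": "dave", "result": "failure"}
{"ts": "2024-10-10T08:02:50Z", "src_ip": "203.0.113.7", "user": "erin", "result": "failure"}
{"ts": "2024-10-10T08:03:30Z", "src_ip": "203.0.113.7", "user": "frank", "result": "failure"}
{"ts": "2024-10-10T08:05:00Z", "src_ip": "198.51.100.5", "user": "admin", "result": "failure"}
{"ts": "2024-10-10T08:05:05Z", "src_ip": "198.51.100.5", "user": "admin", "result": "failure"}
{"ts": "2024-10-10T08:05:10Z", "src_ip": "198.51.100.5", "user": "admin", "result": "failure"}
{"ts": "2024-10-10T08:05:15Z", "src_ip": "198.51.100.5", "user": "admin", "result": "failure"}
{"ts": "2024-10-10T08:05:20Z", "src_ip": "198.51.100.5", "user": "admin", "result": "failure"}
{"ts": "2024-10-10T08:05:25Z", "src_ip": "198.51.100.5", "user": "admin", "result": "failure"}
{"ts": "2024-10-10T08:05:30Z", "src_ip": "198.51.100.5", "user": "admin", "result": "failure"}
{"ts": "2024-10-10T08:05:35Z", "src_ip": "198.51.100.5", "user": "admin", "result": "failure"}
{"ts": "2024-10-10T08:06:00Z", "src_ip": "192.0.2.10", "user": "alice", "result": "failure"}
{"ts": "2024-10-10T08:06:30Z", "src_ip": "192.0.2.10", "user": "alice", "result": "success"}
{"ts": "2024-10-10T08:09:10Z", "src_ip": "203.0.113.7", "user": "frank", "result": "success"}
"""


def parse_events(text):
    """Parse JSON-lines auth events into dicts with a datetime 'ts', sorted by time."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(rec)
    events.sort(key=lambda e: e["ts"])
    return events


def _windows(items, window):
    """Yield (start, end) index pairs so that items[start:end+1] spans at most
    `window` of time (items must be time-sorted)."""
    start = 0
    for end in range(len(items)):
        while items[end]["ts"] - items[start]["ts"] > window:
            start += 1
        yield start, end


def detect_password_spray(events, window=timedelta(minutes=10), min_users=5, max_per_user=2):
    """Flag a source IP whose failed logons within `window` touch at least `min_users`
    distinct accounts while no account is tried more than `max_per_user` times.
    The low per-account count is what separates a spray from a brute force."""
    fails_by_ip = defaultdict(list)
    for e in events:
        if e["result"] == "failure":
            fails_by_ip[e["src_ip"]].append(e)
    findings = []
    for ip, fails in fails_by_ip.items():
        best = None
        for start, end in _windows(fails, window):
            per_user = defaultdict(int)
            for f in fails[start:end + 1]:
                per_user[f["user"]] += 1
            if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
                if best is None or len(per_user) > best["distinct_users"]:
                    best = {"src_ip": ip, "distinct_users": len(per_user),
                            "users": sorted(per_user),
                            "first": fails[start]["ts"], "last": fails[end]["ts"]}
        if best is not None:
            # A success from the same IP against a sprayed account after the spray
            # began means a credential landed: that is the finding to escalate.
            best["followed_by_success"] = sorted({
                e["user"] for e in events
                if e["src_ip"] == ip and e["result"] == "success"
                and e["user"] in best["users"] and e["ts"] >= best["first"]})
            findings.append(best)
    return findings


def detect_brute_force(events, window=timedelta(minutes=10), min_failures=5):
    """Flag (src_ip, user) pairs with at least `min_failures` failed logons in `window`."""
    fails = defaultdict(list)
    for e in events:
        if e["result"] == "failure":
            fails[(e["src_ip"], e["user"])].append(e)
    findings = []
    for (ip, user), items in fails.items():
        for start, end in _windows(items, window):
            if end - start + 1 >= min_failures:
                findings.append({"src_ip": ip, "user": user, "failures": len(items)})
                break
    return findings


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    for f in detect_password_spray(evs):
        print("password spray:", f)
    for f in detect_brute_force(evs):
        print("brute force:", f)
```

On the sample data the spray rule fires once, for 203.0.113.7 against six accounts with a later success on "frank", and stays silent on the brute-force source and the benign typo; the brute-force rule fires only for 198.51.100.5/admin. In a real environment the thresholds, the window, and above all the failure/success field mapping have to be tuned to the identity provider's own log schema, and a lockout policy plus MFA remain the controls that make a spray unprofitable in the first place.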


What was that again about "state #Schwachstellenmanagement" (government vulnerability management)? We would not have needed years to reach this conclusion:

"Russian hackers (#Hacker) use the same vulnerabilities as government trojans (#Staatstrojaner)"

"#APT29 is said to have used exploits "identical or strikingly similar" to those of the spyware vendors Intellexa Alliance and #NSO Group."

futurezone.at/netzpolitik/russ

futurezone.at · Russian hackers use the same vulnerabilities as government trojans. By futurezone.at

Russian government hackers are using exploits that are “identical or strikingly similar” to those previously made by spyware makers Intellexa and NSO Group.

In a blog post on Thursday, Google said it is not sure how the Russian government acquired the exploits, but said this is an example of how exploits developed by spyware makers can end up in the hands of "dangerous threat actors."

In this case, Google says the threat actors are #APT29, a group of hackers widely attributed to Russia’s Foreign Intelligence Service, or the #SVR.

APT29 is a highly capable group of hackers, known for its long-running and persistent campaigns aimed at conducting espionage and data theft against a range of targets, including tech giants Microsoft and SolarWinds, as well as foreign governments.

Google said it found the hidden exploit code embedded on Mongolian government websites between November 2023 and July 2024.

During this time, anyone who visited these sites using an iPhone or Android device could have had their phone hacked and data stolen, including passwords, in what is known as a “watering hole” attack.

techcrunch.com/2024/08/29/russ

TechCrunch · Russian government hackers found using exploits made by spyware companies NSO and Intellexa | TechCrunch. Google said the findings were an example of how exploits developed by spyware makers can end up in the hands of "dangerous threat actors."

Remote access service hacked—by #APT29, says #TeamViewer.

TeamViewer says “a compromised employee account” led to a #Russian breach. While the company makes reassuring noises about its segmented network, it also said the tool was installed on more than 2.5 billion devices.

And that’s a worry, despite the calming PR. In #SBBlogwatch, we wonder why TeamViewer didn’t enforce #MFA for employees (see also: Snowflake, Okta, Uber, etc., etc.) At @TechstrongGroup’s @SecurityBlvd: securityboulevard.com/2024/07/

Security Boulevard · 'Russia' Breaches TeamViewer — 'No Evidence' Billions of Devices at Risk. SolarWinds hackers strike again: Remote access service hacked, by APT29, says TeamViewer.

🪆 TeamViewer links corporate cyberattack to Russian state hackers - Bleeping Computer

"Based on continuous security monitoring, our teams identified suspicious behavior of this account and immediately put incident response measures into action. Together with our external incident response support, we currently attribute this activity to the threat actor known as APT29 / Midnight Blizzard"

bleepingcomputer.com/news/secu


Remote maintenance access is a regular topic when it comes to the cyber security of companies. Very often companies use TeamViewer. There has apparently been an attack there by the Russian hacker group Cozy Bear, a.k.a. APT29. How far-reaching the attack was is currently being investigated. #teamviewer #hackerangriff #cybercrime #fernwartung #cozybear #apt29 #russia #russland

welt.de/newsticker/dpa_nt/info

WELT · Cyberattack on remote-maintenance software vendor TeamViewer. By WELT

Splunk provides a detailed analysis of the tactics, techniques, and procedures (TTPs) employed by APT29 in the campaign targeting German political parties with the new WINELOADER backdoor. APT29, aka Midnight Blizzard and Cozy Bear, is publicly attributed to the Russian Foreign Intelligence Service (SVR). IOCs and YARA rules are provided. 🔗 splunk.com/en_us/blog/security

Splunk · From Water to Wine: An Analysis of WINELOADER | Splunk. In this blog post we'll look closely at the WINELOADER backdoor and how Splunk can be used to detect and respond to this threat.

Hot off the press! CISA issues Emergency Directive (ED) 24-02: Mitigating the Significant Risk from Nation-State Compromise of Microsoft Corporate Email System. Affected agencies are required to take immediate remediation action for tokens, passwords, API keys, or other authentication credentials known or suspected to be compromised, to identify the full content of agency correspondence with compromised Microsoft accounts, etc. 🔗 cisa.gov/news-events/directive

cc: @briankrebs @campuscodi

Cybersecurity and Infrastructure Security Agency (CISA) · ED 24-02: Mitigating the Significant Risk from Nation-State Compromise of Microsoft Corporate Email System | CISA. This page contains a web-friendly version of the Cybersecurity and Infrastructure Security Agency's Emergency Directive 24-02: Mitigating the Significant Risk

Experts at the US IT security company #Mandiant have discovered that the hacker group #APT29 is targeting political parties in Germany for the first time. The lure is a dinner with the #CDU. winfuture.de/news,141882.html?

WinFuture.de · Russian hackers target German parties with WineLoader malware. By Nadine Juliana Dressler

Five Eyes warning that APT29 is going after MS customers

Why do I need a WaPo article to stumble over it? Were there any alerts in the EU that I missed (BSI?)? Any news on this already in European media outlets?

„Microsoft attributed the ongoing attacks to an SVR group that it calls Midnight Blizzard and that other security companies refer to as APT29 or Cozy Bear.“

#Microsoft #M365 #O365 #EntraID #AzureAD #Russia #SVR #APT29 #MidnightBlizzard infosec.exchange/@JosephMenn/1

Infosec Exchange · JosephMenn (@JosephMenn@infosec.exchange): The Russian hackers who broke into Microsoft are now going after its customers. Five Eyes agencies issue detailed instructions for beefing up cloud security in response. New from me, free with registration. https://wapo.st/3T9xhJF