#CozyBear

2025-06-20

Hackers linked to Russia used social engineering to trick a Russian affairs expert into handing over app-specific passwords.

🔗 hackread.com/hackers-use-socia

#CyberSecurity #Russia #CozyBear #Phishing #Scam #Fraud

RoundSparrow 🐦 RoundSparrow
2024-12-01

16 July 2020

APT29 (also known as ‘the Dukes’ or ‘Cozy Bear’) is a cyber espionage group, almost certainly part of the Russian intelligence services. The United States’ National Security Agency (NSA) agrees with this attribution and the details provided in this report.

ncsc.gov.uk/news/advisory-apt2

Hunt & Hackett huntandhackett
2024-11-05

Threat actor profile: (APT29)

Read our comprehensive report about the Russian hacking group behind attacks such as SolarWinds, the 2016 DNC hack, and operations related to the war in Ukraine.

👉 Access the full report through our Members’ Portal: huntandhackett.com/members/reg

👉 Already a member? Go straight to the report: huntandhackett.com/members/act

Fabian (Bocchi) 🏳️‍🌈 fabiscafe@mstdn.social
2024-10-09
Just Another Blue Teamer LeeArchinal@ioc.exchange
2024-09-25

Happy Wednesday everyone!

This resource has been popping up on my feed everywhere so I took a look at it and I see why! When he is not instructing the #SANS FOR589, Will Thomas is creating highly valuable resources like the Russian APT Tool Matrix.

Will has taken the time to correlate the tools of Russian #APTs such as #CozyBear and #Sandworm and even supplied the aliases that go along with them as well. This is a great resource if you are an organization who is APT focused to prioritize your threat hunting! Thanks a ton Will!

Enjoy and Happy Hunting!

Russian APT Tool Matrix:
github.com/BushidoUK/Russian-A

Intel 471 #ThreatIntel #ThreatHunting #ThreatDetection #readoftheday #HappyHunting Cyborg Security, Now Part of Intel 471

2024-09-11

Definitely watch this!

Nominated for the German 2024 as best on the topic of by

A very well-structured and detailed account from the - via the "Clinton e-mail affair" of the up to the simultaneous with the "conventional" attack on Ukraine and the ...

ardmediathek.de/video/putins-b

2024-06-28

Russian hackers read the emails you sent us, Microsoft warns more customers - More of Microsoft's clients are being warned that emails they exchanged with the company ... bitdefender.com/blog/hotforsec #securitythreats #databreach #guestblog #microsoft #dataloss #cozybear #nobelium

hackmac hackmac
2024-06-28

Remote maintenance access is regularly a topic when it comes to the cyber security of companies. Companies very often use TeamViewer. There has apparently been an attack there by the Russian hacker group Cozy Bear, also known as APT29. How far-reaching the attack was is currently being investigated.

welt.de/newsticker/dpa_nt/info

2024-06-28

📬 Security incident at TeamViewer: Is the Russian intelligence service behind it?
#ITSicherheit #APT29 #CozyBear #HealthISAC #NCCGroup #Sicherheitsvorfall #TeamViewer sc.tarnkappe.info/ce70e5

2024-06-13

#Microsoft Chose Profit Over Security and Left U.S. Government Vulnerable to Russian Hack, Whistleblower Says

“Former employee says software giant dismissed his warnings about a critical flaw because it feared losing government business. Russian hackers later used the weakness to breach the National Nuclear Security Administration, among others.”

propublica.org/article/microso

#greed #infosec #CozyBear #apt29

2024-05-27

In our last #InfoMonday we already introduced some of the best-known #hacker groups that carry out #cyberattacks on behalf of the Russian #intelligence service. In addition to #FancyBear, #CozyBear and #BerserkBear, today we introduce 2 more groups: 🐻

▶️ #VoodooBear: The hacker group, known mainly as #Sandworm, is attributed to the Russian intelligence service #GRU and is said to be responsible for attacks on Ukrainian #infrastructure and #energy supply from 2015 onward 📡

1/2

2024-05-14

▶️ #CozyBear: Cozy Bear operates primarily by means of #trojans. Similar to Fancy Bear, they infiltrated in particular the IT infrastructure of Western states in order to exfiltrate information 📡

▶️ #BerserkBear: Berserk Bear has been operating since at least 2018 in the USA and Germany, where they penetrated systems of companies in the #energy and water supply sector for the purpose of #espionage 💡

More on this in our #Blog at: vioffice.de/de/blog/cyberattac 🇩🇪🇬🇧

2/2

2024-04-16

Splunk provides a detailed analysis of the tactics, techniques, and procedures (TTPs) employed by APT29 in the campaign targeting German political parties with the new WINELOADER backdoor. APT29, aka Midnight Blizzard and Cozy Bear, is publicly attributed to Russian Foreign Intelligence Service (SVR). IOC and Yara rules provided. 🔗 splunk.com/en_us/blog/security

#APT29 #MidnightBlizzard #CozyBear #threatintel #WINELOADER #threatintel #IOC #Russia #cyberespionage

Tim Schlotfeldt ⚓🏳️‍🌈 ts-new@hub.tschlotfeldt.de
2024-04-04
#Microsoft has been #pwned two times in the last six months. Does it change anything?

Ars Technica: Microsoft finally explains cause of Azure breach: An engineer’s account was hacked.

Last year #Azure was pwned by #Storm-0558, "a China-based threat actor with activities and methods consistent with espionage objectives."


CNN: Russian hackers breached key Microsoft systems.

And now they are still pwned by #CozyBear, "Russian state-backed hackers". Does anybody care about this?

We really need to push forward our open source resources.

#opensource
Scripter scripter@social.tchncs.de
2024-03-25
