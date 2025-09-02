Threat Intelligence
APT29 attack campaign against Microsoft 365 foiled
Russian state-backed hacking operation APT29, also known as Midnight Blizzard, had its watering hole campaign against Microsoft 365 accounts thwarted by Amazon's threat intelligence team, BleepingComputer reports. Numerous legitimate websites had already been compromised as part of the campaign, with roughly 10% of the hacked sites' visitors redirected to fake Cloudflare verification pages that kicked off a Microsoft device code authentication flow designed to trick victims into authorizing attacker-controlled devices, according to the Amazon report. Although APT29 moved to another cloud provider and registered new domains after its EC2 instances were first isolated, Amazon researchers were able to keep tracking the activity and eventually dismantle it; the campaign represents an evolution of the group's intelligence-gathering and credential-theft operations. Organizations are urged to counter such techniques by enabling multi-factor authentication, verifying device authorization requests before approving them, and never executing commands copied from a webpage, as well as enforcing Conditional Access policies, disabling device code authentication where it is not needed, and monitoring for suspicious authentication activity.
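The brief's last recommendation, watching for suspicious authentication activity, is concrete enough to show as a detection. The script below is an added example and is not code from the news brief or from Amazon's report. It assumes sign-in records exported from Entra ID in the shape of the Microsoft Graph `signIn` resource (fields such as `userPrincipalName`, `ipAddress`, `authenticationProtocol`, `appDisplayName`, `createdDateTime`, `location.countryOrRegion` and `status.errorCode`; `authenticationProtocol` is `deviceCode` for device code flow sign-ins). The sample records, user names, IPs, app names and error code are constructed, not real telemetry. The logic flags every device code sign-in, raises the severity when the user has never signed in interactively from that country, and then looks for one source IP completing device code flows for several different users, which is what a phishing kit relaying codes to victims looks like.

```python
"""Flag device code flow sign-ins in Entra ID sign-in log exports.

Added example, not from the news brief or Amazon's report. Records follow
the Microsoft Graph `signIn` resource shape; all sample data is constructed.
"""
from collections import defaultdict

# Constructed sample of sign-in records (Graph `signIn` shape, trimmed).
SAMPLE_SIGNINS = [
    {"userPrincipalName": "alice@contoso.example", "ipAddress": "203.0.113.10",
     "authenticationProtocol": "oAuth2", "appDisplayName": "Microsoft Teams",
     "createdDateTime": "2025-08-28T08:02:11Z",
     "location": {"countryOrRegion": "US"}, "status": {"errorCode": 0}},
    {"userPrincipalName": "alice@contoso.example", "ipAddress": "203.0.113.10",
     "authenticationProtocol": "oAuth2", "appDisplayName": "Outlook",
     "createdDateTime": "2025-08-29T09:15:40Z",
     "location": {"countryOrRegion": "US"}, "status": {"errorCode": 0}},
    # Successful device code sign-in from a country alice never used interactively.
    {"userPrincipalName": "alice@contoso.example", "ipAddress": "198.51.100.77",
     "authenticationProtocol": "deviceCode", "appDisplayName": "Example Broker App",
     "createdDateTime": "2025-08-30T11:47:03Z",
     "location": {"countryOrRegion": "NL"}, "status": {"errorCode": 0}},
    {"userPrincipalName": "bob@contoso.example", "ipAddress": "203.0.113.22",
     "authenticationProtocol": "oAuth2", "appDisplayName": "Outlook",
     "createdDateTime": "2025-08-29T07:00:00Z",
     "location": {"countryOrRegion": "DE"}, "status": {"errorCode": 0}},
    # Device code sign-in from bob's usual country (e.g. a legitimate CLI login).
    {"userPrincipalName": "bob@contoso.example", "ipAddress": "203.0.113.22",
     "authenticationProtocol": "deviceCode", "appDisplayName": "Azure CLI",
     "createdDateTime": "2025-08-30T12:00:00Z",
     "location": {"countryOrRegion": "DE"}, "status": {"errorCode": 0}},
    # Failed device code attempt from the same IP that hit alice; error code is constructed.
    {"userPrincipalName": "carol@contoso.example", "ipAddress": "198.51.100.77",
     "authenticationProtocol": "deviceCode", "appDisplayName": "Example Broker App",
     "createdDateTime": "2025-08-30T11:52:30Z",
     "location": {"countryOrRegion": "NL"}, "status": {"errorCode": 50058}},
]


def interactive_countries(records):
    """Per-user set of countries seen on successful non-device-code sign-ins.

    This is the user's baseline; a device code sign-in from outside it is the
    strongest signal in this data.
    """
    seen = defaultdict(set)
    for r in records:
        if r["authenticationProtocol"] != "deviceCode" and r["status"]["errorCode"] == 0:
            seen[r["userPrincipalName"]].add(r["location"]["countryOrRegion"])
    return seen


def find_device_code_signins(records):
    """Return one finding per device code sign-in, ordered as in the input.

    severity: high   = succeeded from a country the user never used interactively
              medium = succeeded from a known country (verify, but often legitimate)
              low    = failed attempt (still worth correlating by source IP)
    """
    baseline = interactive_countries(records)
    findings = []
    for r in records:
        if r["authenticationProtocol"] != "deviceCode":
            continue
        user = r["userPrincipalName"]
        country = r["location"]["countryOrRegion"]
        succeeded = r["status"]["errorCode"] == 0
        new_country = country not in baseline.get(user, set())
        if succeeded and new_country:
            severity = "high"
        elif succeeded:
            severity = "medium"
        else:
            severity = "low"
        findings.append({
            "userPrincipalName": user,
            "ipAddress": r["ipAddress"],
            "country": country,
            "app": r["appDisplayName"],
            "time": r["createdDateTime"],
            "succeeded": succeeded,
            "severity": severity,
        })
    return findings


def source_ip_fanout(findings):
    """Source IPs that drove device code flows for two or more distinct users.

    A phishing page relays victims' codes through attacker infrastructure, so
    one IP touching many accounts' device code flows is campaign-shaped.
    """
    users_by_ip = defaultdict(set)
    for f in findings:
        users_by_ip[f["ipAddress"]].add(f["userPrincipalName"])
    return {ip: users for ip, users in users_by_ip.items() if len(users) >= 2}


if __name__ == "__main__":
    results = find_device_code_signins(SAMPLE_SIGNINS)
    for f in results:
        print(f"[{f['severity']:6}] {f['userPrincipalName']} from {f['ipAddress']} "
              f"({f['country']}) via {f['app']} at {f['time']}")
    for ip, users in source_ip_fanout(results).items():
        print(f"fan-out: {ip} -> {sorted(users)}")
```

Run it against a real export by replacing `SAMPLE_SIGNINS` with the parsed `value` array from the Graph sign-in logs query. Medium findings are expected in tenants where engineers use the Azure CLI or similar tools; the point of the baseline is to make those easy to dismiss while a first-ever device code sign-in from a new country, or one IP completing flows for several users, is escalated. If the tenant has no legitimate device code users at all, the stronger fix is preventive: Entra Conditional Access can block the device code flow outright through its authentication flows condition, which turns this detection into an audit of attempts rather than successes.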
