Russian-aligned hacker group APT29, also known as Cozy Bear, has launched a significant espionage campaign against Ukrainian government, military, and industrial sectors. The latest report from Amazon Web Services (AWS) links these attacks to Russia’s Foreign Intelligence Service (SVR). Known for high-profile breaches, including the SolarWinds hack, APT29 employed malicious emails designed to look like they came from Amazon or Microsoft to deceive and infiltrate devices.
Researchers from CERT-UA and AWS revealed that APT29 aimed to harvest Windows credentials using tactics like phishing and exploiting Microsoft Remote Desktop. Some fake AWS domains were also used to trick victims, though AWS clarified that neither its platform nor customer credentials were direct targets. AWS has since begun seizing these fraudulent domains to disrupt the operation.
Additionally, Ukraine identified another campaign, attributed to APT28 (Fancy Bear), which used Google’s reCAPTCHA service to evade detection. This effort involved malware that could extract sensitive browser data and install Metasploit, a penetration-testing framework that attackers also use to breach and persist in targeted networks.
These attacks underscore the Kremlin’s sustained cyber operations against Ukraine, especially amid heightened international scrutiny.


Interesting. So while Russia now considers cyberattacks against it grounds for using nukes, they apparently have no compunction against doing it themselves. Seems like they are inviting a response with sobering possibilities 🧐
You’re absolutely right, Darryl! The inconsistency is striking—condemning cyber aggression on one hand while reportedly deploying it on the other. Such a stance not only risks escalating global tensions but also sets a precedent that could lead to severe and unpredictable outcomes. It’s a precarious line they’re treading.