{"id":221308,"date":"2025-09-02T08:23:59","date_gmt":"2025-09-02T13:23:59","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2025\/09\/amazon-disrupts-russian-apt29-hackers-targeting-microsoft-365"},"modified":"2025-09-02T08:23:59","modified_gmt":"2025-09-02T13:23:59","slug":"amazon-disrupts-russian-apt29-hackers-targeting-microsoft-365","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2025\/09\/amazon-disrupts-russian-apt29-hackers-targeting-microsoft-365","title":{"rendered":"Amazon disrupts Russian APT29 hackers targeting Microsoft 365"},"content":{"rendered":"<p><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/amazon-disrupts-russian-apt29-hackers-targeting-microsoft-365.jpg\"><\/a><\/p>\n<p>Researchers have disrupted an operation attributed to the Russian state-sponsored threat group Midnight Blizzard, which sought access to Microsoft 365 accounts and data.<\/p>\n<p>Also known as APT29, the hacker group compromised websites in a watering hole campaign to redirect selected targets \u201cto malicious infrastructure designed to trick users into authorizing attacker-controlled devices through Microsoft\u2019s device code authentication flow.\u201d<\/p>\n<p>The Midnight Blizzard threat actor has been linked to Russia\u2019s Foreign Intelligence Service (SVR) and is well-known for its clever phishing methods that recently impacted <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/midnight-blizzard-deploys-new-grapeloader-malware-in-embassy-phishing\/\" target=\"_blank\" rel=\"nofollow noopener\">European embassies<\/a>, <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/hpe-notifies-employees-of-data-breach-after-russian-office-365-hack\/\" target=\"_blank\" rel=\"nofollow noopener\">Hewlett Packard Enterprise<\/a>, and <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/teamviewer-links-corporate-cyberattack-to-russian-state-hackers\/\" target=\"_blank\" rel=\"nofollow noopener\">TeamViewer<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Researchers have disrupted an operation attributed to the Russian state-sponsored threat group Midnight Blizzard, which sought access to Microsoft 365 accounts and data. Also known as APT29, the hacker group compromised websites in a watering hole campaign to redirect selected targets \u201cto malicious infrastructure designed to trick users into authorizing attacker-controlled devices through Microsoft\u2019s device [\u2026]<\/p>\n","protected":false},"author":427,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[34],"tags":[],"class_list":["post-221308","post","type-post","status-publish","format-standard","hentry","category-cybercrime-malcode"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/221308","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/427"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=221308"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/221308\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=221308"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=221308"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=221308"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}