All news with #apt29 tag

Amazon Disrupts APT29 Campaign Targeting Microsoft 365

🔒 Amazon disrupted an operation attributed to the Russian state-sponsored group APT29 that used watering-hole compromises to target Microsoft 365 accounts. The attackers injected obfuscated JavaScript into legitimate sites to redirect roughly 10% of visitors to fake Cloudflare verification pages and then into a malicious Microsoft device code authentication flow. Amazon isolated attacker EC2 instances and worked with Cloudflare and Microsoft to take down identified domains; the campaign did not affect Amazon's infrastructure.

Amazon Thwarts APT29 Watering Hole Targeting Microsoft

🔒 Amazon’s threat intelligence team disrupted a watering hole attack attributed to the Russian state‑linked group APT29 that attempted to abuse Microsoft device code authentication flows. Compromised websites injected JavaScript that redirected about 10% of visitors to attacker-controlled domains mimicking Cloudflare verification pages. Amazon reported no AWS service compromise; attackers used evasion techniques and quickly rotated infrastructure.

Amazon Disrupts APT29 Watering Hole Campaign Targeting Users

🔒 Amazon's threat intelligence team identified and disrupted a watering hole campaign conducted by APT29, a group linked to Russia’s SVR. The actor compromised legitimate websites and injected obfuscated JavaScript to redirect a subset of visitors to attacker-controlled pages that mimicked Cloudflare verification. The campaign aimed to abuse Microsoft's device code authentication flow to trick users into authorizing attacker-controlled devices; Amazon isolated affected EC2 instances and coordinated with partners to disrupt infrastructure and share intelligence.