The state-backed Russian cyberespionage group Cozy Bear has been particularly prolific in 2022, targeting Microsoft 365 accounts in NATO countries and attempting to access foreign policy information.
Microsoft 365 is a cloud-based productivity suite predominately used by business and enterprise entities, facilitating collaboration, communication, data storage, email, office, and more.
Mandiant, who has been tracking the activities of Cozy Bear (aka APT29 and Nobelium), reports that the Russian hackers have been vigorously targeting Microsoft 365 accounts in espionage campaigns.
Remediation and Hardening Strategies for Microsoft 365 to Defend Against APT29 (v1.3)
#Analysis #CTI #IoCs #TTPs #APT