Skip to content
Sign In Subscribe
Cybersecurity | english only |NewsCybersecurityEnglish

APT29 Exploited a Windows Feature to Compromise European Diplomatic Entity Network

 and  Katalin Béres
1 min read

Table of Contents

The Russia-linked APT29 nation-state actor has been found leveraging a "lesser-known" Windows feature called Credential Roaming following a successful phishing attack against an unnamed European diplomatic entity.
"The diplomatic-centric targeting is consistent with Russian strategic priorities as well as historic APT29 targeting," Mandiant researcher Thibault Van Geluwe de Berlaere said in a technical write-up.
APT29, a Russian espionage group also called Cozy Bear, Iron Hemlock, and The Dukes, is known for its intrusions aimed at collecting intelligence that align with the country's strategic objectives. It's believed to be sponsored by the Foreign Intelligence Service (SVR).
APT29 Exploited a Windows Feature to Compromise European Diplomatic Entity Network
Russia-linked APT29 hackers has been found leveraging a “lesser-known” Windows feature called “Credential Roaming” in attack on European diplomatic.
The Hacker NewsRavie Lakshmanan

#IoCs #Analysis #Campaign #Russia #ThreatActor #APT29 #CozyBear

Related

Hacked: Russian GRU officer wanted by the FBI, leader of the hacker group APT 28
Cybersecurity | english only |

Hacked: Russian GRU officer wanted by the FBI, leader of the hacker group APT 28

Ukrainian hacktivist team Cyber Resistance hacked the email of Lieutenant Colonel Sergey Alexandrovich Morgachev, an officer of the Russian Main Intelligence Directorate of the General Staff of the Russian Army (GRU), leader of the Russian hacker group APT 28, consisting of officers of the 85th Main Special Service Center of

 and  Katalin Béres
Members Public
Supply Chain Attack Against Customers Of Business Phone Provider 3CX Using Trojanized 3CX Desktop App
Cybersecurity | english only |

Supply Chain Attack Against Customers Of Business Phone Provider 3CX Using Trojanized 3CX Desktop App

Hackers may have compromised the networks of thousands of businesses due to a supply-chain attack on the enterprise phone company 3CX, which confirmed on Thursday its desktop app had been bundled with malware. 3CX provides office phone systems to more than 12 million daily users at over 600,000 companies,

 and  Katalin Béres
Members Public
Analysis of the "#VulkanFiles" Leak
Cybersecurity | english only |

Analysis of the "#VulkanFiles" Leak

A whistleblower has provided several media organizations with access to leaked documents from a Russian IT firm named NTC Vulkan (Russian: НТЦ Вулкан) that allegedly show how the firm supports Russia's military and intelligence agencies with cyber warfare tools. Journalists from Der Spiegel and Munich-based investigative group Paper

 and  Katalin Béres
Members Public

Latest

Szele Tamás: A terjeszkedő Kína
Geopolitics

Szele Tamás: A terjeszkedő Kína

Hszi elnök nagy mágus, Putyin elnök nagy harcos, Emomali Rahmon tádzsik elnök pedig... nos, ő az az ember, akinek a véleményére az előző két úr egyáltalán nem kíváncsi.

 and  Szele Tamás
Members Public