Amazon seizes domains used by Russian hackers to target Windows systems


Amazon has seized a number of internet domains used by Russian hackers to launch phishing attacks.

In a blog post, CJ Moses, Chief Information Security Officer at Amazon, said a Russian state-sponsored threat actor known as Midnight Blizzard (AKA APT29) was spotted running a large-scale phishing attack against government agencies, enterprises, and militaries.

The attacks were impersonating Amazon Web Services (AWS), the retail giant’s cloud arm, with phishing emails written in the Ukrainian language.

Midnight Blizzard attacks

The goal of the campaign was not to target AWS, or to steal AWS credentials from the victims, Moses noted - instead, Midnight Blizzard was looking for Windows credentials to use through Microsoft Remote Desktop.

“Upon learning of this activity, we immediately initiated the process of seizing the domains APT29 was abusing which impersonated AWS in order to interrupt the operation,” Moses added. “CERT-UA has issued an advisory with further details on their work.”

CERT-UA is the Computer Emergency Response Team of Ukraine, a specialized structural unit of the State Center for Cyber Defense of the State Service for Special Communications and Information Protection of Ukraine.

You may remember Midnight Blizzard as the threat actor behind the famed Microsoft attack that forced the company to completely revamp its security policies.

In early 2024, Microsoft revealed it had been attacked by the group, which managed to gain access to corporate email accounts in the company’s cybersecurity and legal departments.

The tech giant later confirmed that the breach was not confined, and that corporate accounts belonging to organizations outside of Microsoft were also affected.

Because of this, and a number of other incidents, the company was slammed by both the cybersecurity community and the US government, prompting the Secure Future Initiative - the company’s commitment to a complete security overhaul.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
