Russian Hackers Target Cloud Services, Governments Worldwide Using Stolen Credentials and Stealthy Malware
- Russian hackers from the group APT29 are shifting their attacks to target cloud services as organizations modernize their systems.
- They gain initial access through compromised credentials, dormant accounts, stolen access tokens, compromised routers, and by registering their own devices.
- Once inside, they use tools such as the MagicWeb malware to evade detection.
- Targets include government and critical organizations in Europe, the U.S., and Asia.
- Mitigations include enabling MFA, applying the principle of least privilege, canary accounts, shorter session lifetimes, authorizing devices, and monitoring for indicators of compromise.
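Three of the mitigations listed above (canary accounts, watching for dormant accounts coming back to life, and authorizing devices) can be checked against sign-in logs. The following is an added example, not code from the advisory or from any vendor product; the account names, timestamps, and the 90-day dormancy threshold are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample cloud sign-in events: (timestamp, account, device_is_registered)
SIGNINS = [
    ("2024-02-20T09:12:00", "alice", True),
    ("2024-02-21T22:40:00", "svc-backup-legacy", False),  # long-unused account, unknown device
    ("2024-02-22T03:05:00", "hr-archive-canary", False),  # tripwire account: nobody should use it
    ("2024-02-22T08:30:00", "alice", True),
]

# Constructed baseline: last known legitimate activity per account (None = never used)
LAST_ACTIVITY = {
    "alice": "2024-02-19T17:00:00",
    "svc-backup-legacy": "2023-06-01T10:00:00",
    "hr-archive-canary": None,
}

# Constructed: accounts created purely as canaries
CANARY_ACCOUNTS = {"hr-archive-canary"}

# Assumed threshold after which an account counts as dormant
DORMANT_AFTER = timedelta(days=90)


def classify_signins(signins, last_activity, canaries, dormant_after=DORMANT_AFTER):
    """Return (account, reason) alerts for the sign-ins that match a control.

    'canary'              - any use of a canary account is an alert by definition
    'dormant'             - account idle longer than dormant_after is now signing in
    'unregistered_device' - sign-in from a device that was never authorized
    """
    alerts = []
    for ts, account, device_registered in signins:
        when = datetime.fromisoformat(ts)
        if account in canaries:
            alerts.append((account, "canary"))
            continue  # a canary hit needs no further qualification
        last = last_activity.get(account)
        if last is not None and when - datetime.fromisoformat(last) > dormant_after:
            alerts.append((account, "dormant"))
        if not device_registered:
            alerts.append((account, "unregistered_device"))
    return alerts


if __name__ == "__main__":
    for account, reason in classify_signins(SIGNINS, LAST_ACTIVITY, CANARY_ACCOUNTS):
        print(f"ALERT {reason:>20}: {account}")
```

In a real deployment the baseline would come from the identity provider's sign-in history and the canary set from the accounts deliberately seeded for that purpose.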