Amazon has seized a number of internet domains used by Russian hackers to launch phishing attacks.
In a blog post, CJ Moses, Chief Information Security Officer at Amazon, said a Russian state-sponsored threat actor known as Midnight Blizzard (AKA APT29) was spotted running a large-scale phishing attack against government agencies, enterprises, and militaries.
The attacks were impersonating Amazon Web Services (AWS), the retail giant’s cloud arm, with phishing emails written in the Ukrainian language.
Midnight Blizzard attacks
The goal of the campaign was not to target AWS, or to steal AWS credentials from the victims, Moses noted – instead, Midnight Blizzard was looking for Windows credentials to use through Microsoft Remote Desktop.
“Upon learning of this activity, we immediately initiated the process of seizing the domains APT29 was abusing which impersonated AWS in order to interrupt the operation,” Moses added. “CERT-UA has issued an advisory with additional details on their work.”
CERT-UA is the Computer Emergency Response Team of Ukraine, a specialized structural unit of the State Center for Cyber Defense of the State Service for Special Communications and Information Protection of Ukraine.
You may remember Midnight Blizzard as the threat actor behind the famed Microsoft attack that forced the company to completely revamp its security policies.
In early 2024, Microsoft revealed it had been attacked by the group, which managed to gain access to corporate email accounts in the company’s cybersecurity and legal departments.
The tech giant later confirmed that the breach was not confined, and that corporate accounts belonging to organizations outside of Microsoft were also affected.
Because of this, and a number of other incidents, the company was slammed by both the cybersecurity community and the US government, prompting the Secure Future Initiative – the company’s promise of a complete security overhaul.
More from TechRadar Pro