Russia's Cozy Bear dives into cloud environments with a new bag of tricks
Russia's notorious Cozy Bear, the crew behind the SolarWinds supply chain attack, has expanded its targets and evolved its techniques to break into organizations' cloud environments, according to the Five Eyes governments.
Cozy Bear, also known as APT29 and Midnight Blizzard, is a cyber espionage group linked to the Russian Foreign Intelligence Service (SVR). It's perhaps best known for backdooring SolarWinds' network monitoring software and then using that access to spy on the vendor's customers – including the US Treasury, Justice and Energy departments, and the Pentagon.
Microsoft was also among the high-profile victims that came to light in late 2020 and early 2021. Much more recently – just last month – Redmond disclosed that these same spies broke into some Microsoft corporate email accounts and stole internal messages and files.