Russia's Cozy Bear seen diving into cloud environments


Russia's infamous Cozy Bear, the crew behind the SolarWinds supply chain attack, has expanded its targets and developed its techniques to break into organizations' cloud environments, according to Five Eyes governments.


Cozy Bear, also known as APT29 and Midnight Blizzard, is a cyberespionage group linked to the Russian intelligence service (SVR). It is perhaps best known for backdooring SolarWinds' network monitoring software and then using that access to spy on the vendor's customers – including the US Treasury, Justice and Energy Departments and the Pentagon.

Microsoft was also among the high-profile victims that came to light in late 2020 and early 2021. Very recently – just last month – Redmond revealed that the same spies broke into some Microsoft corporate email accounts and stole internal messages and files.

Fast-forward a month, and we're told Cozy Bear has gone beyond its usual methods of gaining initial access — such as exploiting software bugs in local networks — and is targeting victims directly via cloud services.
