Amazon Disrupts Russian APT29 Watering Hole Targeting Microsoft Authentication

Amazon has disrupted a Russian APT29 watering hole campaign that used compromised sites to target Microsoft authentication with malicious redirects.

Amazon’s security team has identified and disrupted a new campaign by APT29, also tracked as Midnight Blizzard, a threat group linked to Russia’s Foreign Intelligence Service (SVR). This time, the group had set up a watering hole campaign, planting malicious code on legitimate websites to redirect unsuspecting visitors toward attacker-controlled infrastructure.

From there, the attackers tried to trick people into approving unauthorised devices through Microsoft’s device code authentication system, a technique that could have given them access to sensitive accounts.

For your information, “Waterholing” or watering hole is a type of cyberattack where malicious actors compromise a website or online platform frequently visited by a specific target group, intending to infect their computers with malware when they visit.

It is worth noting that in the past, APT29 ...