Amazon Takes Down Russian APT29 Infrastructure Targeting Users

Amazon’s cybersecurity team has successfully disrupted a sophisticated watering hole campaign orchestrated by APT29, a notorious hacking group linked to Russia’s Foreign Intelligence Service.

The August 2025 operation represents the latest chapter in an ongoing cyber warfare battle between tech giants and state-sponsored threat actors seeking to infiltrate global networks and harvest sensitive credentials.

APT29’s Shift: Domains to Website Hacks

The Russian cyber unit, also known as Midnight Blizzard, has demonstrated remarkable adaptability in its attack methodologies throughout 2024 and 2025.

This latest campaign marks a significant tactical shift from previous operations, showcasing the group’s ability to evolve under pressure from cybersecurity defenders.

Unlike their October 2024 campaign that relied on AWS domain impersonation to distribute malicious Remote Desktop Protocol files, APT29’s newest approach involved compromising legitimate websites and injecting obfuscated JavaScript code.

The attackers strategically redirected only 10% of website visitors to ...