Amazon says it stopped Russian hackers targeting Microsoft logins as Cozy Bear strikes again

• Amazon security experts spotted a watering hole attack tricking users into sharing Microsoft login credentials
• The attack was stopped with the combined efforts of Amazon, Cloudflare, and Microsoft
• Amazon is warning about Cozy Bear's increasing sophistication

Amazon's security experts say they disrupted a new “watering hole” campaign conducted by the Russian state-sponsored threat actor group known as APT29 (Midnight Blizzard, or Cozy Bear).

A watering hole attack is when cybercriminals inject malware into a website usually visited by a specific group of people, hoping to compromise their devices when they access it.

In this case, APT29 managed to compromise multiple websites, and used them to redirect the victims to other, attacker-controlled domains.