#apt29 — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #apt29, aggregated by home.social.
-
📢 ConsentFix v3: a new criminal OAuth toolkit distributed on the XSS forum
📝 ## 🔍 Context
Published on 23 April 2026 by Push Security, this article analyzes **ConsentFix v3**, a new criminal toolkit distributed on the **XSS** forum (s...
📖 cyberveille : https://cyberveille.ch/posts/2026-04-23-consentfix-v3-un-nouveau-toolkit-criminel-oauth-diffuse-sur-le-forum-xss/
🌐 source : https://pushsecurity.com/blog/consentfix-v3-analyzing-a-new-toolkit/
#APT29 #ConsentFix #Cyberveille -
"Patch Your Network" - A powerful EDM track about defending against sophisticated adversaries! Featuring AENDZI's incredible vocals & a danceable groove that makes security awareness unforgettable. Remember: APT29 is watching!
Watch here: https://www.youtube.com/watch?v=VL57hVgsq9g
#cybersecurity #infosec #APT29 #music #EDM #security -
Operational summary:
Threat actor: UAC-0050
Alias: DaVinci Group / Mercenary Akula (per BlueVoyant)
Tooling: RMS (Remote Manipulator System)
Delivery: Spear-phishing, spoofed judicial domain, layered archives
TTP alignment consistent with reporting from CERT-UA.
Strategic overlay:
Russia-nexus actors, including APT29, continue high-confidence trust exploitation campaigns, as outlined by CrowdStrike.
Detection priorities:
- Monitor MSI execution anomalies
- Flag double-extension binaries
- Inspect outbound RMS traffic
- Harden executive email authentication
Follow for tactical intelligence briefings.
Comment with detection engineering recommendations.
#Infosec #ThreatIntel #UAC0050 #APT29 #RMS #SpearPhishing #DetectionEngineering #CyberEspionage #SOC #BlueTeam #SecurityOperations
-
They're called "cozy" because they're in no hurry: once they enter a system, they stay there for months undetected, gathering intel from sensitive targets. This is how Russia spies on the West.
#APT29 #cozyBear #espionage #Russia #cyberwarfare
https://negativepid.blog/cyber-warfare-groups-apt29-cozy-bear/
-
How Russia-Linked Spies Turned Everyday Websites into Surveillance Traps aka ‘Watering Hole’ https://thecyberexpress.com/russian-linked-spies-watering-hole-traps/ #ThreatIntelligenceNews #WateringHoleAttacks #AmazonWebServices #FirewallDaily #ThreatActors #wateringhole #RussianSVR #CyberNews #APT29 #AWS #SVR
-
Amazon Disrupts Russian Hacking Campaign Targeting Microsoft Users https://www.securityweek.com/amazon-disrupts-russian-hacking-campaign-targeting-microsoft-users/ #MidnightBlizzard #Identity&Access #CloudSecurity #CozyBear #Russia #APT29
-
Amazon Disrupts Russian APT29 Watering Hole Targeting Microsoft Authentication – Source: hackread.com https://ciso2ciso.com/amazon-disrupts-russian-apt29-watering-hole-targeting-microsoft-authentication-sourcehackread-com/ #1CyberSecurityNewsPost #CyberSecurityNews #MidnightBlizzard #cybersecurity #CyberAttacks #CyberAttack #CloudFlare #Microsoft #Hackread #security #Amazon #Russia #APT29 #AWS
-
Amazon Disrupts Russian APT29 Watering Hole Targeting Microsoft Authentication https://hackread.com/amazon-disrupts-russia-apt29-watering-hole-microsoft-auth/ #MidnightBlizzard #Cybersecurity #CyberAttacks #CyberAttack #CloudFlare #Microsoft #Security #Amazon #Russia #APT29 #AWS
-
Amazon has disrupted a Russian #APT29 watering hole campaign that used compromised websites to target Microsoft’s device code authentication.
Read: https://hackread.com/amazon-disrupts-russia-apt29-watering-hole-microsoft-auth/
-
Amazon blocks APT29 campaign targeting Microsoft device code authentication – Source: securityaffairs.com https://ciso2ciso.com/amazon-blocks-apt29-campaign-targeting-microsoft-device-code-authentication-source-securityaffairs-com/ #rssfeedpostgeneratorecho #informationsecuritynews #ITInformationSecurity #SecurityAffairscom #CyberSecurityNews #PierluigiPaganini #SecurityAffairs #SecurityAffairs #Cyberespionage #BreakingNews #Intelligence #SecurityNews #hackingnews #hacking #Amazon #Russia #APT29
-
Amazon disrupts watering hole campaign by Russia’s APT29
#APT29
https://aws.amazon.com/blogs/security/amazon-disrupts-watering-hole-campaign-by-russias-apt29/ -
Russian Hackers Bypass Gmail MFA with App Specific Password Ruse https://www.securityweek.com/russian-hackers-bypass-gmail-mfa-with-app-specific-password-ruse/ #appspecificpasswords #Identity&Access #EmailSecurity #NationState #CitizenLab #google #Russia #APT29 #Gmail
-
Custom AI Prompting in Uncoder AI Enables On-Demand Detection Generation – Source: socprime.com https://ciso2ciso.com/custom-ai-prompting-in-uncoder-ai-enables-on-demand-detection-generation-source-socprime-com/ #rssfeedpostgeneratorecho #CyberSecurityNews #DetectionContent #SOCPrimePlatform #socprimecom #socprime #Splunk #APT29 #Blog
-
Cozy Bear’s Wine Lure Drops WineLoader Malware on EU Diplomats – Source: hackread.com https://ciso2ciso.com/cozy-bears-wine-lure-drops-wineloader-malware-on-eu-diplomats-sourcehackread-com/ #1CyberSecurityNewsPost #CyberSecurityNews #MidnightBlizzard #cybersecurity #CyberAttacks #PhishingScam #CyberAttack #GrapeLoader #WineLoader #CozyBear #Hackread #security #malware #europe #Russia #APT29
-
Cozy Bear’s Wine Lure Drops WineLoader Malware on EU Diplomats https://hackread.com/cozy-bear-wine-lure-wineloader-malware-eu-diplomats/ #MidnightBlizzard #Cybersecurity #CyberAttacks #PhishingScam #CyberAttack #GrapeLoader #WineLoader #Security #CozyBear #Malware #europe #Russia #APT29
-
Russian hacker group Cozy Bear (aka #MidnightBlizzard, APT29) is back, using wine-tasting invites to phish EU diplomats. The bait? A new wave of WineLoader malware. 🍷🎣
Read: https://hackread.com/cozy-bear-wine-lure-wineloader-malware-eu-diplomats/
-
Good day everyone!
Check Point Software researchers produced another great article that involves #APT29 and #phishing and a little bit of masquerading. This phishing campaign, which targeted European diplomatic entities, distributes fake invitations to diplomatic events and appears to be a continuation of a previous campaign run by the same actors. These phishing emails utilized a backdoor known as #Wineloader and also employ a new loader, #Grapeloader. There is a lot to unpack here and I hope you enjoy!
Renewed APT29 Phishing Campaign Against European Diplomats
https://research.checkpoint.com/2025/apt29-phishing-campaign/
Intel 471 Cyborg Security, Now Part of Intel 471 #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday
-
Our latest blog post is live, check it out!
🗞️ https://opalsec.io/daily-news-update-sunday-march-30-2025-australia-melbourne/
* 👾 Obscure Programming Languages in Malware: Malware authors are getting creative, using less common languages like Rust, Nim, Phix, Lisp and Haskell to evade detection - and it works.
* 💔 $8.2 Million Seized in Crypto Romance Baiting: The DOJ just seized millions in USDT from "romance baiting" scams (aka pig butchering), with links to human trafficking in Cambodia and Myanmar. This is a stark reminder of the human element in cybercrime.

Don't forget, you can subscribe to our newsletter here to get the updates straight to your inbox!
📨https://opalsec.io/daily-news-update-sunday-march-30-2025-australia-melbourne/#/portal/signup
#cybersecurity #malware #ransomware #cryptoscams #threatintel #infosec #rustlang #phishing #APT29 #pigbutchering #usdt #doj #fbi #cybercrime #securityresearch #zerotrust #threatdetection #reversengineering
-
Multiple Russian Threat Actors Targeting Microsoft Device Code Authentication
#APT29
https://www.volexity.com/blog/2025/02/13/multiple-russian-threat-actors-targeting-microsoft-device-code-authentication/ -
📬 Security incident at TeamViewer: Is the Russian intelligence service behind it?
#ITSicherheit #APT29 #CozyBear #HealthISAC #NCCGroup #Sicherheitsvorfall #TeamViewer https://sc.tarnkappe.info/ce70e5 -
Happy Friday everyone!
A Joint Advisory from the National Security Agency, Federal Bureau of Investigation (FBI), Cyber National Mission Force, and the National Cyber Security Centre provides updates on the Russian Federation's Foreign Intelligence Service, or #SVR.
According to the advisory, #APT29 (a.k.a Midnight Blizzard, Cozy Bear, and the Dukes) has targeted the defense, technology, and finance sectors to collect foreign intelligence and enable future cyber operations. They aim to exploit software vulnerabilities for initial access and escalate privileges. They also utilize spearphishing campaigns, password spraying, abuse of supply chain and trusted relationships. They also utilize custom malware and living-off-the-land (LOLBINs) techniques for multiple techniques.
The report includes a list of #CVEs that APT29 has been observed exploiting and attaches the vendor and product that are affected, with details that describe the vulnerability, along with a section of mitigations that your organization can take to increase your security posture.
If you are looking for behaviors that are attributed to APT29, look no further than the MITRE ATT&CK Matrix! This resource has collected historic #TTPs and behaviors and referenced them as well. So while you are working on hardening your environment you can also hunt for their activity as well! Enjoy and Happy Hunting!
Article Source:
Update on SVR Cyber Operations and Vulnerability Exploitation
https://www.ic3.gov/Media/News/2024/241010.pdf
Mitre source:
https://attack.mitre.org/groups/G0016/
Intel 471 #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday #huntoftheday #gethunting Cyborg Security, Now Part of Intel 471