Operational summary:
Threat actor: UAC-0050
Alias: DaVinci Group / Mercenary Akula (per BlueVoyant)
Tooling: RMS (Remote Manipulator System)
Delivery: Spear-phishing, spoofed judicial domain, layered archives
TTP alignment consistent with reporting from CERT-UA.

Strategic overlay:
Russia-nexus actors, including APT29, continue high-confidence trust exploitation campaigns, as outlined by CrowdStrike.

Detection priorities:
- Monitor MSI execution anomalies
- Flag double-extension binaries
- Inspect outbound RMS traffic
- Harden executive email authentication
Follow for tactical intelligence briefings.
Comment with detection engineering recommendations.

#Infosec #ThreatIntel #UAC0050 #APT29 #RMS #SpearPhishing #DetectionEngineering #CyberEspionage #SOC #BlueTeam #SecurityOperations

"Patch Your Network" - A powerful EDM track about defending against sophisticated adversaries! Featuring AENDZI's incredible vocals & a danceable groove that makes security awareness unforgettable. Remember: APT29 is watching!
Watch here: https://www.youtube.com/watch?v=VL57hVgsq9g
#cybersecurity #infosec #APT29 #music #EDM #security

They're called "cozy" because they're in no hurry: once they enter a system, they stay there for months undetected, gathering intel from sensitive targets. This is how Russia spies on the West.

#APT29 #cozyBear #espionage #Russia #cyberwarfare

https://negativepid.blog/cyber-warfare-groups-apt29-cozy-bear/

Cyber warfare groups: APT29 (Cozy Bear) - Negative PID

APT29 is a cyber unit that operates behind the world’s most powerful governments. Their intrusions rarely make headlines because, unlike other groups, they

Negative PID
📢 CERT-EU maps out the September 2025 threat landscape: active APTs, critical zero-days and supply chain attacks
📝 Source and context: CERT-EU publishes an overview of the threat landscape for Septem...
📖 cyberveille: https://cyberveille.ch/posts/2025-10-02-cert-eu-dresse-le-panorama-des-menaces-de-septembre-2025-apts-actives-zero-days-critiques-et-attaques-supply-chain/
🌐 source: https://cert.europa.eu/publications/threat-intelligence/cb25-10/
#APT29 #CERT_EU #Cyberveille
CERT-EU maps out the September 2025 threat landscape: active APTs, critical zero-days and supply chain attacks

Source and context: CERT-EU publishes an overview of the threat landscape for September 2025, based on the analysis of 285 open-source reports and illustrated by APT operations, critical zero-day vulnerabilities and supply chain campaigns. • Context and highlights: The analysis points to geopolitical and regulatory developments, including the evasion of EU sanctions by the Russia-linked entity « Stark Industries », the adoption of the first AI law in Italy and the Czech Republic's reclassification of the Chinese threat to the « High » level. Notable espionage activities include Iran (UNC1549) against the European defence/telecom sectors, Turla + Gamaredon cooperation against Ukraine, and the arrest of Dutch minors involved in Russia-linked espionage.

CyberVeille

Amazon, Cloudflare, and Microsoft just disrupted a notorious hacker group by dismantling their watering hole attack network. How did this major play in cybersecurity unfold? Check out the inside scoop.

https://thedefendopsdiaries.com/amazons-strategic-disruption-of-apt29-a-collaborative-cybersecurity-triumph/

#amazon
#apt29
#cybersecurity
#collaboration
#threatintelligence

Amazon's Strategic Disruption of APT29: A Collaborative Cybersecurity Triumph

Amazon disrupts APT29 with Cloudflare and Microsoft, showcasing the power of collaborative cybersecurity against advanced threats.

The DefendOps Diaries

Amazon has disrupted a Russian #APT29 watering hole campaign that used compromised websites to target Microsoft’s device code authentication.

Read: https://hackread.com/amazon-disrupts-russia-apt29-watering-hole-microsoft-auth/

#CyberSecurity #CyberAttack #Russia #Amazon #Microsoft

Amazon Disrupts Russian APT29 Watering Hole Targeting Microsoft Authentication

Follow us on Bluesky, Twitter (X), Mastodon and Facebook at @Hackread

Hackread - Latest Cybersecurity, Hacking News, Tech, AI & Crypto

🚨 Amazon disrupts APT29 watering hole campaign abusing Microsoft device code authentication.
Tactics:
🔹 Compromised legit sites
🔹 Fake Cloudflare domains
🔹 Redirected auth flows
🔹 Rapid infra pivots
Amazon + Microsoft + Cloudflare worked together to block ops.
💬 Do you think espionage groups are becoming cloud-native in their attack tradecraft?
Follow @technadu for more cyber threat insights.

#CyberSecurity #APT29 #Amazon #Microsoft #ThreatIntel

📢 AWS disrupts an APT29 watering hole campaign targeting Microsoft device code authentication
📝 According to AWS (aws.amazon.com), Amazon's Threat Intelligence team has iden...
📖 cyberveille: https://cyberveille.ch/posts/2025-08-31-aws-perturbe-une-campagne-de-watering-hole-dapt29-visant-lauthentification-microsoft-par-code-dappareil/
🌐 source: https://aws.amazon.com/fr/blogs/security/amazon-disrupts-watering-hole-campaign-by-russias-apt29/
#APT29 #IOC #Cyberveille