Anti-hacking measures from Microsoft meant to stymie advanced persistent threats are being met with new techniques by one of the most persistent of such threat groups, reports Mandiant.
The threat intelligence firm says it’s witnessing Russian intelligence-linked APT29 engage in new tactics targeting Microsoft 365, the ubiquitous suite of productivity and cloud storage apps.
APT29, also known as Cozy Bear, is known for targeting industries including healthcare, pharmaceutical, academia, energy, financial, government, media and technology, as well as think tanks. The U.S. intelligence community links APT29 with Russia’s Foreign Intelligence Service. The group was behind the SolarWinds Orion attack in 2020.
Among the new techniques the hacking group is using to circumvent Microsoft security is the takeover of dormant Azure accounts, exploiting a weakness in Azure Active Directory multifactor authentication enrollment.
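A defender-side check that follows from the dormant-account technique above, written as an added example that is not from the article or from Mandiant: it flags MFA security-info registration on accounts that had no successful sign-in within a dormancy window. The JSON record layout, field names, and all sample records are constructed for this example.

```python
"""Added example (not from the article): flag MFA enrollment on dormant accounts.

Assumes Azure AD audit-log entries exported as one JSON object per line with
the fields used below; the field names and the sample records are constructed
for this example, not taken from a real tenant.
"""
import json
from datetime import datetime, timedelta, timezone

# Constructed sample audit records (not real tenant data). The activity name
# "User registered security info" is the Azure AD audit activity for MFA
# method registration; the surrounding record shape is assumed.
SAMPLE_LOG = """
{"user": "svc-legacy@example.com", "event": "User registered security info", "time": "2022-08-20T10:14:00Z"}
{"user": "alice@example.com", "event": "User registered security info", "time": "2022-08-20T11:02:00Z"}
{"user": "bob@example.com", "event": "Sign-in", "time": "2022-08-19T09:00:00Z"}
"""

# Constructed last successful sign-in per account, prior to the events above.
LAST_SIGN_IN = {
    "svc-legacy@example.com": "2021-11-02T08:00:00Z",  # dormant for months
    "alice@example.com": "2022-08-18T16:30:00Z",       # recently active
    "bob@example.com": "2022-08-19T09:00:00Z",
}

DORMANT_AFTER = timedelta(days=90)  # assumed dormancy threshold


def parse_ts(s: str) -> datetime:
    """Parse an ISO-8601 UTC timestamp of the form YYYY-MM-DDTHH:MM:SSZ."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def find_dormant_mfa_enrollments(log_text, last_sign_in, dormant_after=DORMANT_AFTER):
    """Return (user, time) pairs for MFA registrations on dormant accounts.

    A registration is suspicious when the account had no successful sign-in
    within `dormant_after` before the registration event. Accounts with no
    recorded sign-in at all are also flagged, since an account that has never
    logged in has no legitimate owner who would be enrolling.
    """
    hits = []
    for line in log_text.strip().splitlines():
        rec = json.loads(line)
        if rec["event"] != "User registered security info":
            continue
        when = parse_ts(rec["time"])
        last = last_sign_in.get(rec["user"])
        if last is None or when - parse_ts(last) > dormant_after:
            hits.append((rec["user"], rec["time"]))
    return hits


if __name__ == "__main__":
    for user, t in find_dormant_mfa_enrollments(SAMPLE_LOG, LAST_SIGN_IN):
        print(f"ALERT: MFA enrolled on dormant account {user} at {t}")
```

In a real tenant the same rule would be fed from the audit log and sign-in log exports rather than the inline samples, and the dormancy window tuned to the organisation's account-lifecycle policy.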