Amazon Disrupts APT29 Watering Hole Campaign Targeting Security Researchers

Amazon has successfully disrupted a sophisticated watering hole campaign orchestrated by the notorious APT29 threat group, also known as Cozy Bear. This campaign targeted security researchers by compromising websites frequently visited by cybersecurity professionals to deliver malware and steal sensitive information. The operation highlights the increasing use of watering hole attacks by advanced persistent threat actors to infiltrate high-value targets. Amazon's proactive measures involved identifying and taking down malicious infrastructure, thereby protecting the cybersecurity community from potential breaches. This incident underscores the critical need for vigilance and collaboration between private sector companies and security researchers to combat evolving cyber threats. The disruption of this campaign not only safeguards individual researchers but also strengthens the overall security posture of organizations relying on threat intelligence. As APT29 continues to evolve its tactics, techniques, and procedures (TTPs), ongoing efforts to monitor and mitigate such threats remain essential. This case exemplifies the importance of threat intelligence sharing and rapid response in defending against state-sponsored cyber espionage activities. Security professionals are advised to remain alert to similar watering hole tactics and employ robust security measures to detect and prevent exploitation attempts.

This Cyber News was published on thehackernews.com. Publication date: Sun, 31 Aug 2025 22:14:03 +0000


Cyber News related to Amazon Disrupts APT29 Watering Hole Campaign Targeting Security Researchers

Amazon Disrupts APT29 Watering Hole Campaign Targeting Security Researchers - Amazon has successfully disrupted a sophisticated watering hole campaign orchestrated by the notorious APT29 threat group, also known as Cozy Bear. This campaign targeted security researchers by compromising websites frequently visited by ...
1 month ago Thehackernews.com APT29 Cozy Bear
Amazon warns of Russian APT29 watering hole campaign targeting cloud users - Amazon has issued a warning about a sophisticated watering hole attack campaign orchestrated by the Russian threat group APT29, also known as Cozy Bear. This campaign specifically targets cloud service users by compromising legitimate websites ...
1 month ago Infosecurity-magazine.com APT29 Cozy Bear
1000+ New Fake Domains Mimic Amazon Prime Day Registered to Hunt Online Shoppers - These attacks range from fake calls and phishing emails to malicious links and spoofed websites, all designed to trick shoppers into revealing sensitive account information or making fraudulent payments. During Amazon’s Big Spring Sale in March ...
3 months ago Cybersecuritynews.com
Master the Art of Data Security - As we step further into the digital age, the importance of data security becomes increasingly apparent. As with all data storage services, it's crucial to ensure that the data stored on Amazon S3 is secure, particularly when it's 'at rest', that is, ...
1 year ago Feeds.dzone.com
Amazon Shuts Down APT29 Watering Hole Attack - Amazon has successfully thwarted a sophisticated watering hole attack orchestrated by the notorious Russian state-sponsored hacking group APT29, also known as Cozy Bear. This cyberattack targeted specific websites frequented by government officials ...
1 month ago Therecord.media APT29 Cozy Bear
Cisco Foundation Grantees prioritize Indigenous leadership to protect the Amazon Basin - This is the first of our three-part series on Cisco Foundation grantees working in the Amazon and South America region. This series will introduce you to eight Cisco Foundation Climate Impact & Regeneration grantees working to support preservation ...
1 year ago Feedpress.me
Russian hackers use Ngrok feature and WinRAR exploit to attack embassies - After Sandworm and APT28, another state-sponsored Russian hacker group, APT29, is leveraging the CVE-2023-38831 vulnerability in WinRAR for cyberattacks. APT29 is tracked under different names and has been targeting embassy entities with a BMW car ...
1 year ago Bleepingcomputer.com CVE-2023-38831 APT28 APT29
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
1 year ago Esecurityplanet.com
The Dark Side of Digital Reading: E-Books as Corporate Surveillance Tools - Americans are reading digital books at a rate of three out of ten. In a market where the majority of readers are subject to both Big Publishing's greed and those of Big Tech, it is no surprise that these readers are subject to both the greed of Big ...
1 year ago Cysecurity.news
Rundown of Security News from AWS re:Invent 2023 - Amazon Web Services has been unveiling a steady stream of announcements during its AWS re:Invent 2023 event in Las Vegas this week. The focus over the four days, as expected, is on AI as AWS strives to show that its offerings can match - or surpass - ...
1 year ago Darkreading.com
25 Best Managed Security Service Providers (MSSP) - 2025 - Pros & Cons: Pros: Strong threat intelligence & expert SOCs; 24/7 monitoring & rapid incident response; flexible, scalable, hybrid deployments. Cons: High pricing for SMBs; complex UI and steep learning curve; limited visibility into endpoint ...
3 months ago Cybersecuritynews.com
ACM will no longer cross sign certificates with Starfield Class 2 starting August 2024 - AWS Certificate Manager is a managed service that you can use to provision, manage, and deploy public and private TLS certificates for use with Elastic Load Balancing, Amazon CloudFront, Amazon API Gateway, and other integrated AWS services. Starting ...
1 year ago Aws.amazon.com
Amazon disrupts Russian APT29 hackers targeting Microsoft 365 - Amazon has successfully disrupted the operations of the Russian cyber espionage group APT29, also known as Cozy Bear, which has been targeting Microsoft 365 users. This group is notorious for its sophisticated cyber attacks aimed at stealing ...
1 month ago Bleepingcomputer.com APT29 Cozy Bear
Lazarus hackers breach six companies in watering hole attacks - In the incidents analyzed by Kaspersky, victims are redirected to sites that mimic software vendors, such as the distributor of Cross EX - a tool that enables South Koreans to use security software in various web browsers for online banking and ...
5 months ago Bleepingcomputer.com
Amazon Prime Video Ads 5 February - Adverts will start appearing for UK users of Amazon Prime Video on 5 February 2024, unless an extra fee is paid. Amazon has confirmed that adverts will begin appearing for UK customers of the Amazon Prime Video service in early 2024. In an email to UK ...
1 year ago Silicon.co.uk
TeamViewer says Russia's 'Cozy Bear' hackers attacked corporate IT system - Software company TeamViewer confirmed on Friday that a prolific Russian hacking group breached its corporate IT environment earlier in the week. In an updated statement, the company attributed a recently announced incident to APT29, also known as ...
1 year ago Therecord.media Cozy Bear APT29
Amazon Warns of APT29 Credential Theft Campaign Targeting Cloud Users - Amazon has issued a warning about a credential theft campaign orchestrated by the advanced persistent threat group APT29, also known as Cozy Bear. This campaign specifically targets cloud users, aiming to steal credentials and gain unauthorized ...
1 month ago Darkreading.com APT29 Cozy Bear
Amazon sues REKK fraud gang that stole millions in illicit refunds - Amazon's Customer Protection and Enforcement team has taken legal action against an underground store refund scheme that has resulted in the theft of millions of dollars worth of products from Amazon's online platforms. This lawsuit targets 20 ...
1 year ago Bleepingcomputer.com
New Phishing Attack Targeting Amazon Prime Users To Steal Login Credentials - A sophisticated phishing campaign targeting Amazon Prime users has emerged, leveraging counterfeit renewal notifications to harvest login credentials, payment details, and personal verification data. Clicking the button redirects users to a fake ...
7 months ago Cybersecuritynews.com
China State-Sponsored Spies Hack Site and Target User Systems in Asia - Users of a Tibetan language translation app and website visitors to a Buddhist festival were compromised by a focused watering-hole malware connected to a Chinese threat group. According to recent data from ESET, the so-called Evasive Panda hacking ...
1 year ago Cysecurity.news GALLIUM
Amazon Dismantles Russian APT29 Infrastructure - Amazon has successfully dismantled the infrastructure of the Russian cyber espionage group APT29, also known as Cozy Bear. This operation marks a significant step in combating state-sponsored cyber threats targeting global organizations. APT29 has ...
1 month ago Cybersecuritynews.com APT29 Cozy Bear
How to perform a proof of concept for automated discovery using Amazon Macie | AWS Security Blog - After reviewing the managed data identifiers provided by Macie and creating the custom data identifiers needed for your POC, it’s time to stage data sets that will help demonstrate the capabilities of these identifiers and better understand how ...
1 year ago Aws.amazon.com
Russian Cyberattackers Launch Multiphase PsyOps Campaign - Russia-linked threat actors employed both PsyOps and spear-phishing to target users over several months at the end of 2023 in a multiwave campaign aimed at spreading misinformation in Ukraine and stealing Microsoft 365 credentials across Europe. The ...
1 year ago Darkreading.com
Cybercriminals expand targeting of Iranian bank customers with known mobile malware - Researchers have uncovered more than 200 fake mobile apps that mimic major Iranian banks to steal information from their customers. The campaign was first discovered in July of this year, but since then, the cybercriminals have expanded their ...
1 year ago Therecord.media
