Amazon seizes domains used by Russian hackers to target Windows systems

Midnight Blizzard found impersonating AWS in attacks against governments and military

Amazon has seized a number of internet domains used by Russian hackers to launch phishing attacks.

In a blog post, CJ Moses, Chief Information Security Officer at Amazon, said a Russian state-sponsored threat actor known as Midnight Blizzard (AKA APT29) was spotted running a large-scale phishing attack against government agencies, enterprises, and militaries.

The attacks were impersonating Amazon Web Services (AWS), the retail giant’s cloud arm, with phishing emails written in the Ukrainian language.

Midnight Blizzard attacks

The goal of the campaign was not to target AWS, or to steal AWS credentials from the victims, Moses noted - instead, Midnight Blizzard was looking for Windows credentials to use through Microsoft Remote Desktop.

“Upon learning of this activity, we immediately initiated the process of seizing the domains APT29 was abusing which impersonated AWS in order to interrupt the operation,” Moses added. “CERT-UA has issued an advisory with additional details on their work.”

CERT-UA is the Computer Emergency Response Team of Ukraine, a specialized structural unit of the State Center for Cyber Defense of the State Service for Special Communications and Information Protection of Ukraine.

You may remember Midnight Blizzard as the threat actor behind the famed Microsoft attack that forced the company to completely revamp its security policies.

In early 2024, Microsoft revealed it had been attacked by the group, which managed to gain access to corporate email accounts in the company’s cybersecurity and legal departments.

The tech giant later confirmed that the breach was not confined, and that corporate accounts belonging to organizations outside of Microsoft were also affected.

Because of this, and a number of other incidents, the company was slammed by both the cybersecurity community and the US government, prompting the Secure Future Initiative - the company’s promise of a complete security overhaul.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.