The stolen passwords are for a MoD portal specifically designed to be used safely from home via member personal devices, but it appears the Russian hackers have been targeting the devices themselves and intercepting the credentials.
Microsoft and the U.S. Department of Justice have seized over 100 domains used by Kremlin-backed Russian hackers Star Blizzard for cyber espionage against the West.
Unit 29155's actions since 2020 include cyber attacks on a number of federal agencies and critical infrastructure companies in a variety of countries. But the group seems to have switched most of its focus to Ukraine in the weeks prior to the 2022 military invasion.
GRU-affiliated Russian hackers targeted 20 Ukrainian critical infrastructure facilities in March 2024, Ukraine’s Computer Emergency Response Team (CERT-UA) has disclosed.
Leading cybersecurity firm Mandiant believes that a notorious group of Russian hackers is behind a recent rash of attacks on water utilities in several countries, including the United States. On January 18 the group was able to induce a tank overflow at a Texas water treatment plant, and has made similar incursions in France and Poland.
State-sponsored Russian hackers are targeting German political parties with fake dinner invites to deploy WINELOADER backdoors, establish persistence, and exfiltrate data.
Microsoft is now saying that the Russian hackers accessed "some" source code. And while customer-facing systems were not breached, the hackers accessed some confidential emails to customers.
The HPE security breach is not known to be related to the recent announcement from Microsoft that Russian hackers had penetrated the inboxes of its senior leadership. It instead appears to have a connection to a May 2023 attack that the company had previously disclosed.
Microsoft has named "Midnight Blizzard," an established team of Russian state-sponsored hackers also referred to as NOBELIUM and Cozy Bear, as the culprit behind a recent security breach that compromised high-level corporate email accounts.
Russian hackers had access to Ukraine's biggest telecoms provider for most of 2023, and likely had "full access" for at least the months of November and December.