Microsoft warns of growing APT29 espionage attacks targeting global organizations

Ismail R.
Jan 27, 2024


Microsoft has warned that a group of Russian state-sponsored threat actors known as APT29 is using malicious OAuth applications and password spraying to target organizations worldwide. These attacks are designed to steal sensitive information and gain access to critical systems.

APT29 is a well-known hacking group with a history of targeting governments, diplomatic entities, and IT service providers. They are known for their sophisticated techniques and their ability to operate undetected for extended periods.

In the latest attack, APT29 targeted Microsoft’s systems and successfully infiltrated a non-production test tenant account that did not have multi-factor authentication enabled. They then used this access to identify and compromise a legacy test OAuth application that had elevated access to the Microsoft corporate environment.

APT29 routes its traffic through residential proxies, so its sign-in attempts arrive from ordinary consumer IP addresses that are hard to distinguish from legitimate users by source alone. This is why it is crucial for organizations to take steps to defend against rogue OAuth applications and password spraying rather than relying on IP reputation.

Here are some steps organizations can take to protect themselves from APT29 attacks:

Enable multi-factor authentication (MFA) for all users and accounts.
Regularly update software and security patches.
Conduct regular security assessments to identify and mitigate vulnerabilities.
Implement a robust incident response plan.

By following these steps, organizations can help to protect themselves from APT29 attacks and other cyberattacks.
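As an added illustration of the detection side (this is example code written for this post, not anything Microsoft published), the script below flags a password spray in constructed sign-in records. Because residential proxies rotate source IPs, it keys on how many distinct accounts fail within a short window rather than on any single IP, and then lists accounts that signed in successfully from an IP seen in that spray. The event format, window size and thresholds are assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample sign-in records: (timestamp, user, source_ip, result).
# Five accounts each fail once from changing IPs, then one succeeds.
SAMPLE_EVENTS = [
    ("2024-01-12T03:00:01", "alice@example.test", "203.0.113.10", "FAILURE"),
    ("2024-01-12T03:00:04", "bob@example.test", "198.51.100.7", "FAILURE"),
    ("2024-01-12T03:00:09", "carol@example.test", "203.0.113.11", "FAILURE"),
    ("2024-01-12T03:00:15", "dave@example.test", "198.51.100.9", "FAILURE"),
    ("2024-01-12T03:00:21", "erin@example.test", "203.0.113.12", "FAILURE"),
    ("2024-01-12T03:00:30", "frank@example.test", "198.51.100.7", "SUCCESS"),
    ("2024-01-12T09:15:00", "alice@example.test", "203.0.113.10", "FAILURE"),
    ("2024-01-12T09:15:05", "alice@example.test", "203.0.113.10", "SUCCESS"),
]

def detect_spray(events, window=timedelta(minutes=10), min_accounts=5):
    """Sliding window over failed sign-ins. Alert when failures touch at
    least min_accounts distinct accounts, whatever the source IPs (a
    per-IP or per-account lockout rule would miss this pattern).
    Returns {window_start: {"accounts": set, "ips": set}}."""
    fails = sorted((datetime.fromisoformat(ts), u, ip)
                   for ts, u, ip, res in events if res == "FAILURE")
    alerts = {}
    start = 0
    for end in range(len(fails)):
        while fails[end][0] - fails[start][0] > window:
            start += 1
        span = fails[start:end + 1]
        accounts = {u for _, u, _ in span}
        if len(accounts) >= min_accounts:
            # The same window start can be reached repeatedly; keep the latest view.
            alerts[fails[start][0]] = {"accounts": accounts,
                                       "ips": {ip for _, _, ip in span}}
    return alerts

def successes_during_spray(events, alerts, window=timedelta(minutes=10)):
    """Accounts that signed in successfully from an IP seen in a spray
    window: first candidates for session revocation and password reset."""
    hits = set()
    for start, info in alerts.items():
        for ts, u, ip, res in events:
            t = datetime.fromisoformat(ts)
            if res == "SUCCESS" and ip in info["ips"] and start <= t <= start + window:
                hits.add(u)
    return hits

if __name__ == "__main__":
    found = detect_spray(SAMPLE_EVENTS)
    print(len(found), "spray window(s); compromised:", successes_during_spray(SAMPLE_EVENTS, found))
```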
