The current aim of the group is to collect foreign intelligence to support future cyber campaigns, particularly in the context of Russia's ongoing invasion of Ukraine.
APT29, also known as Midnight Blizzard, has been active since at least 2021, primarily targeting defense, technology, and finance sectors globally.
The NCSC warns that any organization with unpatched vulnerabilities could be targeted, as the attackers exploit 'targets of opportunity' through internet scans.
Techniques used by APT29 include spear-phishing, custom malware, and exploiting trusted relationships, allowing extensive infiltration and data exfiltration.
Collection
[
|
...
]