
    Russian hacking group Cosy Bear targets Microsoft 365 users in US and NATO countries


    By CNBCTV18.com


    Cybersecurity firm Mandiant has warned that Russian hacking group APT29, also known as Cozy Bear or Nobelium, has targeted several Microsoft 365 accounts in the US and NATO countries.

    The firm says that it has been tracking the cyberespionage group since at least 2014.
    Microsoft 365 uses a variety of licensing models to control a user’s access to the suite of products. The licenses also govern security and compliance settings, such as log retention and Mail Items Accessed logging in Purview Audit. The most common licenses are E1, E3 and E5.
    Users on the E5 license can use Purview Audit to enable the Mail Items Accessed audit. Mail Items Accessed records the user-agent string, timestamp, IP address, and username each time a mail item is accessed.
    In its report, Mandiant said, “Once (Purview Audit) disabled, they begin targeting the inbox for email collection. At this point, there is no logging available to the organisation to confirm which accounts the threat actor targeted for email collection and when. Given APT29’s targeting and TTPs Mandiant believes that email collection is the most likely activity following the disablement of Purview Audit.”
    The report also said that multi-factor authentication (MFA) is a crucial tool that organizations can deploy to thwart account takeover attacks by threat actors. By requiring users to provide both something they know and something they have, organizations can significantly reduce the risk of account compromise.
    Mandiant is expecting APT29 to stay apace with the development of techniques and tactics to access Microsoft 365 in novel and stealthy ways.
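
For defenders, the logging gap described in the Mandiant quote can be bounded from the audit-setting change records themselves. The sketch below is an added example, not code from Mandiant or this article; it assumes auditing is switched off per mailbox through a `Set-Mailbox` change to `AuditEnabled` (the article does not say how it was disabled), and the record layout and sample log lines are constructed.

```python
import json
from datetime import datetime

# Constructed sample records. Field names (Operation, UserId, ObjectId, Parameters,
# MailboxOwnerUPN) are assumptions modelled on a JSON export of the audit log.
SAMPLE_LOG = """
{"CreationTime":"2022-08-01T09:00:00","Operation":"MailItemsAccessed","MailboxOwnerUPN":"cfo@example.test","ClientIPAddress":"198.51.100.7"}
{"CreationTime":"2022-08-01T09:05:00","Operation":"Set-Mailbox","UserId":"admin@example.test","ObjectId":"cfo@example.test","Parameters":[{"Name":"AuditEnabled","Value":"False"}]}
{"CreationTime":"2022-08-01T10:00:00","Operation":"MailItemsAccessed","MailboxOwnerUPN":"hr@example.test","ClientIPAddress":"198.51.100.9"}
{"CreationTime":"2022-08-03T08:00:00","Operation":"Set-Mailbox","UserId":"secops@example.test","ObjectId":"cfo@example.test","Parameters":[{"Name":"AuditEnabled","Value":"True"}]}
{"CreationTime":"2022-08-04T11:00:00","Operation":"Set-Mailbox","UserId":"admin@example.test","ObjectId":"hr@example.test","Parameters":[{"Name":"AuditEnabled","Value":"False"}]}
"""

def audit_setting(record):
    """Return True/False when the record changes mailbox auditing, else None."""
    if record.get("Operation") != "Set-Mailbox":
        return None
    for param in record.get("Parameters", []):
        if param.get("Name") == "AuditEnabled":
            return str(param.get("Value")).lower() == "true"
    return None

def find_blind_windows(log_text):
    """Return one finding per period in which a mailbox had auditing switched off."""
    records = [json.loads(line) for line in log_text.splitlines() if line.strip()]
    records.sort(key=lambda r: datetime.fromisoformat(r["CreationTime"]))
    open_windows, last_access, findings = {}, {}, []
    for rec in records:
        if rec.get("Operation") == "MailItemsAccessed":
            # Remember the last access that was still logged for this mailbox.
            last_access[rec["MailboxOwnerUPN"].lower()] = rec["CreationTime"]
            continue
        enabled = audit_setting(rec)
        if enabled is None:
            continue
        mailbox = rec["ObjectId"].lower()
        if not enabled and mailbox not in open_windows:
            open_windows[mailbox] = {
                "mailbox": mailbox, "disabled_by": rec["UserId"],
                "start": rec["CreationTime"], "end": None,  # None = still blind
                "last_logged_access": last_access.get(mailbox)}
            findings.append(open_windows[mailbox])
        elif enabled and mailbox in open_windows:
            open_windows.pop(mailbox)["end"] = rec["CreationTime"]
    return findings

if __name__ == "__main__":
    for finding in find_blind_windows(SAMPLE_LOG):
        print(finding)
```

Each finding gives the window in which no Mail Items Accessed records can exist for that mailbox, so responders know which period must be reconstructed from other sources such as sign-in logs.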
     