Amazon seizes domains used by Russian hackers to target Windows systems

AWS Office
(Image credit: Tony Webster / Flickr)

Amazon has seized a number of internet domains used by Russian hackers to launch phishing attacks.

In a blog post, CJ Moses, Chief Information Security Officer at Amazon, said a Russian state-sponsored threat actor known as Midnight Blizzard (AKA APT29) was spotted running a large-scale phishing attack against government agencies, enterprises, and militaries.

The attacks were impersonating Amazon Web Services (AWS), the retail giant’s cloud arm, with phishing emails written in the Ukrainian language.

Midnight Blizzard attacks

The goal of the campaign was not to target AWS, or to steal AWS credentials from the victims, Moses noted - instead, Midnight Blizzard was looking for Windows credentials to use through Microsoft Remote Desktop.

“Upon learning of this activity, we immediately initiated the process of seizing the domains APT29 was abusing which impersonated AWS in order to interrupt the operation,” Moses added. “CERT-UA has issued an advisory with additional details on their work.”

CERT-UA is the Computer Emergency Response Team of Ukraine, a specialized structural unit of the State Center for Cyber Defense of the State Service for Special Communications and Information Protection of Ukraine.

You may remember Midnight Blizzard as the threat actor behind the famed Microsoft attack that forced the company to completely revamp its security policies.

In early 2024, Microsoft revealed it had been attacked by the group, which managed to gain access to corporate email accounts in the company’s cybersecurity and legal departments.

The tech giant later confirmed that the breach was not confined, and that corporate accounts belonging to organizations outside of Microsoft were also affected.

Because of this, and a number of other incidents, the company was slammed by both the cybersecurity community and the US government, prompting the Secure Future Initiative - the company’s promise of a complete security overhaul.

More from TechRadar Pro

TOPICS

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.