Red Hot Cyber


Amazon Stops APT29: Sophisticated Russian Watering Hole Campaign Foiled

Redazione RHC : 30 August 2025 15:58

A complex watering hole campaign, orchestrated by the notorious hacker group APT29, linked to Russian foreign intelligence services, was neutralized by Amazon’s cybersecurity team. This latest campaign marks a significant tactical shift from previous operations, demonstrating the group’s ability to evolve under pressure from cybersecurity defenders.

Unlike the October 2024 campaign, which relied on impersonating the AWS domain to distribute malicious Remote Desktop Protocol files, APT29’s new approach involved compromising legitimate websites and injecting obfuscated JavaScript code. APT29 created convincing fake Cloudflare verification pages on domains such as findcloudflare[.]com, designed to trick users into authorizing attacker-controlled devices via Microsoft’s authentication workflow.

The August 2025 operation represents the latest chapter in an ongoing cyberwarfare battle between tech giants and state-sponsored threat actors seeking to infiltrate global networks and harvest sensitive credentials. The Russian cyber unit, also known as Midnight Blizzard, has demonstrated remarkable adaptability in its attack methodologies throughout 2024 and 2025.

Critically, Amazon confirmed that no AWS systems were compromised during the operation and that there was no direct impact on AWS services or infrastructure. The attackers strategically redirected only 10% of the compromised websites’ visitors to avoid detection, demonstrating a calculated approach to maximize impact while minimizing exposure.

A group of Amazon threat experts learned of the operation through advanced analysis designed to identify APT29’s unique infrastructure patterns. The research found that Russian operators had been able to undermine the integrity of numerous legitimate websites, using them as unsuspecting tools for their espionage efforts.

The ongoing battle between the two sides has highlighted the tenacity of government-backed digital operations and the importance of constant monitoring by cybersecurity specialists.

Redazione
The editorial team of Red Hot Cyber consists of a group of individuals and anonymous sources who actively collaborate to provide early information and news on cybersecurity and computing in general.
