HC3 Threat Actor Profile TLP Clear: Midnight Blizzard - June 6, 2024
Executive Summary
In January 2024, security teams for two American multinational technology companies detected a nation-state attack on their corporate e-mail systems. The cyberattacks were attributed to Midnight Blizzard, also known as APT29, a Russian threat group publicly linked to the Foreign Intelligence Service of the Russian Federation. With longstanding and dedicated espionage against foreign interests traced as far back as early 2008, the group is known to target multiple industries, primarily across the United States and Europe. An overview of the threat group can be found in a recent HC3 Threat Briefing on Russian Threat Actors, among other HC3 products detailed later. What follows is an examination of Midnight Blizzard; a timeline of recent threat actor activity; its impact on the HPH sector; common tactics, techniques, and procedures; exploited vulnerabilities; indicators of compromise; MITRE ATT&CK methodologies; and recommended defenses and mitigations against the group.
View the detailed Threat Profile below.