APT29, a hacking group also known as Cozy Bear that’s believed to work directly under Russia’s Foreign Intelligence Service (SVR), has been targeting industry and military in Ukraine by trying to impersonate Amazon Web Services (AWS).
One of APT29’s favorite tactics is phishing for credentials belonging to government agencies, enterprises, and militaries, usually by trying to impersonate some official capacity. In this particular situation, the threat actors were trying to leverage the AWS name
