Windows Vulnerability Found Through Analysis of Russian Cyberspy Attacks


A vulnerability in Windows’ ‘credential roaming’ functionality was found through analysis of the numerous LDAP queries that the Russian cyberespionage group APT29 had made against Active Directory.

APT29, also known as Cozy Bear, the Dukes, and Yttrium, is a Russian cyberespionage organization that is most likely supported by the Russian Foreign Intelligence Service (SVR). The group is thought to be behind a number of well-known attacks, such as the 2016 attempt to target the Democratic National Committee (DNC), the 2018 DNC infiltration attempt, and the 2020 SolarWinds attack.

In a report from May 2022, Mandiant disclosed that the group had been conducting phishing attacks against diplomatic institutions in Europe, the Americas, and Asia in an effort to infect them with fresh malware families.
