Microsoft research posted a very interesting blog post on a current nation state threat being tagged as Midnight Blizzard. Who is this threat actor?
Midnight Blizzard (also known as NOBELIUM) is a Russia-based threat actor attributed by the US and UK governments as the Foreign Intelligence Service of the Russian Federation, also known as the SVR. This threat actor is known to primarily target governments, diplomatic entities, non-governmental organizations (NGOs) and IT service providers, primarily in the US and Europe. Their focus is to collect intelligence through longstanding and dedicated espionage of foreign interests that can be traced to early 2018. Their operations often involve compromise of valid accounts and, in some highly targeted cases, advanced techniques to compromise authentication mechanisms within an organization to expand access and evade detection.
The article found HERE lists their attack techniques, tactics, and procedures as well as what can be done to reduce the risk of being compromised by their TTPs.
