Amazon Intelligence has disrupted a hacking campaign by the APT29 group, which is linked to Russia’s Foreign Intelligence Service (SVR). Russia’s goal was to collect information about U.S. government agencies, media outlets, universities, and public organizations.
This was reported by the Center for Countering Disinformation under Ukraine’s National Security and Defense Council (NSDC).
APT29, also known as Midnight Blizzard, hacked legitimate websites and implanted malicious code that redirected some visitors to fake pages mimicking Cloudflare’s service. There, users were tricked into “authorizing” the attackers’ devices, which allowed the hackers to gain access to victims’ emails and files stored in cloud services.
The report stresses that this was not a one-time breach but a systematic operation by Russian intelligence. To hack computers directly, the attackers forced victims to confirm access themselves — using legitimate Microsoft and Google authorization mechanisms.
The Center also highlighted that Russia’s objective is to gather intelligence on U.S. governmental structures, media, universities, and NGOs. Such actions are considered tools of espionage used by the Kremlin to pressure Western countries.
These attacks, the Center notes, should be viewed as elements of hybrid interference in the internal processes of the U.S. and its allies, rather than as ordinary cybercrime.