Nation-State Actor
Midnight Blizzard
Russia • Active since 2008
Midnight Blizzard is the same group as Cozy Bear/APT29 - Russian state-sponsored hackers responsible for the massive SolarWinds supply chain compromise. They are one of the most sophisticated espionage groups in the world.
Overview
Midnight Blizzard is a Russian SVR-linked threat actor known for sophisticated espionage campaigns. They conducted the SolarWinds supply chain attack and continue to target government, diplomatic, and technology organizations.
Also Known As
APT29, Cozy Bear, NOBELIUM, The Dukes, Dark Halo
Target Industries
Government, Technology, Think Tanks, Healthcare, Energy
Target Regions
United States, Europe, NATO countries
Tactics, Techniques & Procedures
- Supply chain compromise
- Cloud environment exploitation
- Token theft and replay
- Residential proxy networks
- Password spraying
Known Tools & Malware
SUNBURST, TEARDROP, RAINDROP, Cobalt Strike, BEATDROP, EnvyScout
Notable Campaigns
SolarWinds Supply Chain Attack (2020)
Compromised SolarWinds Orion software affecting thousands of organizations worldwide.
Microsoft Corporate Breach (2024)
Compromised Microsoft corporate systems and accessed executive email accounts.
MITRE ATT&CK Techniques
T1195.002 (Supply Chain Compromise: Compromise Software Supply Chain), T1550.001 (Use Alternate Authentication Material: Application Access Token), T1078.004 (Valid Accounts: Cloud Accounts), T1556.006 (Modify Authentication Process: Multi-Factor Authentication)
Defense Recommendations
1. Implement conditional access policies
2. Monitor for token theft indicators
3. Enable OAuth application auditing