APT28 Mounts Rapid, Large-Scale Theft of Office 365 Logins

From threatpost.com

apt28 office 365 credential harvesting

The Russia-linked threat group is harvesting credentials for Microsoft’s cloud offering, and targeting mainly election-related organizations.

The Russia-linked threat group known as APT28 has changed up its tactics to include Office 365 password-cracking and credential-harvesting.

Microsoft researchers have tied APT28 (a.k.a. Strontium, Sofacy or Fancy Bear) to this newly uncovered pattern of O365 activity, which began in April and is ongoing. The attacks have been aimed mainly at U.S. and U.K. organizations directly involved in political elections.

Read more…