Russia’s cozy bear thwarted in latest Microsoft credential theft plot

Amazon blocked a covert campaign by Russia’s APT29, also known as Cozy Bear, that targeted Microsoft accounts through fake Cloudflare login pages. Hackers compromised legitimate websites, injected malicious code, and redirected visitors to attacker domains to steal access. AWS confirmed its systems stayed secure. The incident underscores how Moscow’s cyber operatives keep refining their espionage playbook against Western targets.