{"id":55173,"date":"2024-01-26T15:14:35","date_gmt":"2024-01-26T15:14:35","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/35453\/The-Life-And-Times-Of-Cozy-Bear-The-Russian-Hackers-Who-Just-Hit-Microsoft-And-HPE.html"},"modified":"2024-01-26T15:14:35","modified_gmt":"2024-01-26T15:14:35","slug":"the-life-and-times-of-cozy-bear-the-russian-hackers-who-just-hit-microsoft-and-hpe","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/the-life-and-times-of-cozy-bear-the-russian-hackers-who-just-hit-microsoft-and-hpe\/","title":{"rendered":"The Life And Times Of Cozy Bear, The Russian Hackers Who Just Hit Microsoft And HPE"},"content":{"rendered":"<figure class=\"intro-image intro-left\"> <img decoding=\"async\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2024\/01\/russia-state-hacking-800x451.jpg\" alt=\"The life and times of Cozy Bear, the Russian hackers who just hit Microsoft and HPE\"><figcaption class=\"caption\">\n<div class=\"caption-credit\">Getty Images<\/div>\n<\/figcaption><\/figure>\n<p>Hewlett Packard Enterprise (HPE) said Wednesday that Kremlin-backed actors hacked into the email accounts of its security personnel and other employees last May\u2014and maintained surreptitious access until December. 
The disclosure was the second revelation of a major corporate network breach by the hacking group in five days.<\/p>\n<p>The hacking group that hit HPE is the same one that Microsoft <a href=\"https:\/\/arstechnica.com\/security\/2024\/01\/microsoft-network-breached-through-password-spraying-by-russian-state-hackers\/\">said Friday<\/a> broke into its corporate network in November and monitored email accounts of senior executives and security team members until being driven out earlier this month. Microsoft tracks the group as Midnight Blizzard. (Under the company\u2019s recently retired threat actor naming convention, which was based on chemical elements, the group was known as Nobelium.) But it is perhaps better known by the name Cozy Bear\u2014though researchers have also dubbed it APT29, the Dukes, Cloaked Ursa, and Dark Halo.<\/p>\n<p>\u201cOn December 12, 2023, Hewlett Packard Enterprise was notified that a suspected nation-state actor, believed to be the threat actor Midnight Blizzard, the state-sponsored actor also known as Cozy Bear, had gained unauthorized access to HPE\u2019s cloud-based email environment,\u201d company lawyers wrote in a <a href=\"https:\/\/www.sec.gov\/Archives\/edgar\/data\/1645590\/000164559024000009\/hpe-20240119.htm\">filing<\/a> with the Securities and Exchange Commission. \u201cThe Company, with assistance from external cybersecurity experts, immediately activated our response process to investigate, contain, and remediate the incident, eradicating the activity. 
Based on our investigation, we now believe that the threat actor accessed and exfiltrated data beginning in May 2023 from a small percentage of HPE mailboxes belonging to individuals in our cybersecurity, go-to-market, business segments, and other functions.\u201d<\/p>\n<p>An HPE representative said in an email that Cozy Bear\u2019s initial entry into the network was through \u201ca compromised, internal HPE Office 365 email account [that] was leveraged to gain access.\u201d The representative declined to elaborate. The representative also declined to say how HPE discovered the breach.<\/p>\n<p>Cozy Bear hacking its way into the email systems of two of the world\u2019s most powerful companies and monitoring top employees\u2019 accounts for months aren\u2019t the only similarities between the two events. Both breaches also involved compromising a single device on each corporate network, then escalating that toehold to the network itself. From there, Cozy Bear camped out undetected for months. The HPE intrusion was all the more impressive because Wednesday\u2019s disclosure said that the hackers also gained access to SharePoint servers in May. Even after HPE detected and contained that breach a month later, it would take HPE another six months to discover the compromised email accounts.<\/p>\n<p>The pair of disclosures, coming within five days of each other, may create the impression that there has been a recent flurry of hacking activity. But Cozy Bear has actually been one of the most active nation-state groups since <a href=\"https:\/\/community.broadcom.com\/symantecenterprise\/communities\/community-home\/librarydocuments\/viewdocument?DocumentKey=6ab66701-25d7-4685-ae9d-93d63708a11c&amp;CommunityKey=1ecf5f55-9545-44d6-b0f4-4e4a7f5f5e68&amp;tab=librarydocuments\">at least 2010<\/a>. 
In the intervening 14 years, it has waged an almost constant series of attacks, mostly on the networks of governmental organizations and the technology companies that supply them. Multiple intelligence services and private research companies have identified the hacking group as an arm of Russia\u2019s Foreign Intelligence Service, also known as the SVR.<\/p>\n<h2>The life and times of Cozy Bear (so far)<\/h2>\n<p>In its earliest years, Cozy Bear operated in relative obscurity\u2014precisely the domain it prefers\u2014as it hacked <a href=\"https:\/\/arstechnica.com\/information-technology\/2015\/09\/seven-years-of-malware-linked-to-russian-state-backed-cyberespionage\/\">mostly Western governmental agencies<\/a> and related organizations such as political think tanks and governmental subcontractors. In 2013, researchers from security firm Kaspersky <a href=\"https:\/\/arstechnica.com\/information-technology\/2013\/02\/bizarre-old-school-spyware-attacks-governments-sports-mark-of-the-beast\/\">unearthed MiniDuke<\/a>, a sophisticated piece of malware that had taken hold of 60 government agencies, think tanks, and other high-profile organizations in 23 countries, including the US, Hungary, Ukraine, Belgium, and Portugal.<\/p>\n<p>MiniDuke was notable for its odd combination of advanced programming and the gratuitous references to literature found embedded into its code. (It contained strings that alluded to Dante Alighieri&#8217;s <em>Divine Comedy<\/em> and to 666, the Mark of the Beast discussed in a verse from the Book of Revelation.) 
Written in assembly, employing multiple levels of encryption, and relying on hijacked Twitter accounts and automated Google searches to maintain stealthy communications with command-and-control servers, MiniDuke was among the most advanced pieces of malware found at the time.<\/p>\n<p>It wasn\u2019t immediately clear who was behind the mysterious malware\u2014another testament to the stealth of its creators. In 2015, however, researchers <a href=\"https:\/\/arstechnica.com\/information-technology\/2015\/09\/seven-years-of-malware-linked-to-russian-state-backed-cyberespionage\/\">linked MiniDuke<\/a>\u2014and seven other pieces of previously unidentified malware\u2014to Cozy Bear. After a half-decade of lurking, the shadowy group was suddenly brought into the light of day.<\/p>\n<p>Cozy Bear once again came to prominence the following year when researchers discovered the group (along with Fancy Bear, a separate Russian-state hacking group) inside the servers of the Democratic National Committee, looking for intelligence such as <a href=\"https:\/\/arstechnica.com\/information-technology\/2016\/06\/hackers-invade-dems-servers-steal-entire-trump-opposition-file\/\">opposition research<\/a> into Donald Trump, the Republican nominee for president at the time. 
The hacking group resurfaced in the days following Trump\u2019s election victory that year with a <a href=\"https:\/\/arstechnica.com\/tech-policy\/2018\/11\/russian-hackers-suspected-of-launching-post-election-spear-phishing-party\/\">major spear-phishing blitz<\/a> that targeted dozens of organizations in government, military, defense contracting, media, and other industries.<\/p>\n<p>One of Cozy Bear\u2019s crowning achievements came in late 2020 with the discovery of an <a href=\"https:\/\/arstechnica.com\/information-technology\/2020\/12\/18000-organizations-downloaded-backdoor-planted-by-cozy-bear-hackers\/\">extensive supply<\/a> chain attack that targeted customers of SolarWinds, the Austin, Texas, maker of network management tools. After compromising SolarWinds\u2019 software build system, the hacking group pushed infected updates to roughly 18,000 customers. The hackers then used the updates to compromise nine federal agencies and about 100 private companies, White House officials have said.<\/p>\n<p>Cozy Bear has remained active, with <a href=\"https:\/\/arstechnica.com\/gadgets\/2021\/05\/microsoft-says-solarwinds-hackers-targeted-us-agencies-in-a-new-campaign\/\">multiple campaigns<\/a> coming to light in 2021, including one that used zero-day vulnerabilities to <a href=\"https:\/\/arstechnica.com\/gadgets\/2021\/07\/solarwinds-hackers-used-an-ios-0-day-to-steal-google-and-microsoft-credentials\/\">infect fully updated iPhones<\/a>. 
Last year, the group devoted much of its time to hacks of <a href=\"https:\/\/arstechnica.com\/information-technology\/2022\/07\/pro-russia-hack-campaigns-are-running-rampant-in-ukraine\/\">Ukraine<\/a>.<\/p>\n<p> READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/35453\/The-Life-And-Times-Of-Cozy-Bear-The-Russian-Hackers-Who-Just-Hit-Microsoft-And-HPE.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":55174,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[277],"tags":[10830],"class_list":["post-55173","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity-blogs","tag-headlinehackermicrosoftemailrussiadata-loss"],"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/55173","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=55173"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/55173\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/55174"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=55173"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=55173"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=55173"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}