
Star Blizzard Operations Linked to Russian Intelligence Agency; APT28 Targets NATO’s Rapid Response

ID: a5e1d2d5-20fc-5a56-a3a3-5f0f402dab6d

STIX ID: report--a5e1d2d5-20fc-5a56-a3a3-5f0f402dab6d

Feed Name: EclecticIQ

Threat Score
85/100

Date Published: 2023-12-22

Date Updated: 2026-04-27

Author: Arda Büyükkaya

...
...

This report consolidates public intelligence on multiple active threats: Star Blizzard (FSB-linked) spear-phishing campaigns that steal credentials and session cookies through an adversary-in-the-middle phishing proxy (EvilGinx) to compromise email accounts and perform follow-on targeting; adversary abuse of AWS STS, where long-term IAM access keys (AKIA prefix) are used to mint temporary session credentials (ASIA prefix) for persistence and lateral movement in cloud environments; and APT28 exploitation of Microsoft Outlook (CVE-2023-23397, together with the related MapUrlToZone security-feature bypass CVE-2023-29324) to make Outlook authenticate to an attacker-controlled server, leaking Net-NTLMv2 responses that enable relay attacks. The activity targets high-value sectors including NATO, government, defense, academia, and NGOs, and has been observed in the wild across multiple years.
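The Outlook technique above rests on a single message property: PidLidReminderFileParameter (LID 0x851F in MS-OXPROPS), which names the custom sound Outlook plays when a reminder fires. A legitimate value is a local file; a UNC or file:// path to a remote host makes Outlook open an SMB or WebDAV connection and authenticate, which is where the Net-NTLMv2 response leaks. The triage helper below is an added example and is not code from the EclecticIQ report or from Microsoft's own scanning script. It assumes that message properties have already been extracted into a Python dict keyed by property ID (how you get them from Exchange or .msg files is out of scope), and the sample values are constructed. It deliberately flags any non-loopback host rather than relying on a URL zone check, because CVE-2023-29324 showed that zone classification can be bypassed by path shape.

```python
"""Triage helper for CVE-2023-23397-style Outlook reminder sound paths.

Added example, not from the report. Models only the property the exploit
abuses and classifies its value; all sample inputs below are constructed.
"""
from __future__ import annotations

import ipaddress
import re
from dataclasses import dataclass
from typing import Optional

# PidLidReminderFileParameter / dispidReminderFileParam (MS-OXPROPS)
PIDLID_REMINDER_FILE_PARAMETER = 0x851F

# UNC forms: \\host\share\..., WebDAV-over-UNC: \\host@80\..., \\host@SSL@443\...
UNC_RE = re.compile(r"^\\\\([^\\@]+)(?:@(?:SSL@)?(\d+))?\\")
LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "::1"}


@dataclass
class Finding:
    value: str
    host: Optional[str]
    port: Optional[int]
    suspicious: bool
    reason: str


def extract_remote_host(value: str) -> Optional[tuple[str, Optional[int]]]:
    """Return (host, port) if the value names a remote share, else None.

    file:// URLs are normalised into UNC form first so both spellings are
    handled by the same pattern. Local drive paths and file:///C:/... yield None.
    """
    v = value.strip()
    if v.lower().startswith("file:"):
        v = v[len("file:"):]
    v = v.replace("/", "\\")
    m = UNC_RE.match(v)
    if not m:
        return None
    host = m.group(1).lower()
    port = int(m.group(2)) if m.group(2) else None
    return host, port


def classify(value: str) -> Finding:
    """Decide whether a reminder sound path would trigger outbound NTLM auth."""
    remote = extract_remote_host(value)
    if remote is None:
        return Finding(value, None, None, False, "local path, no outbound authentication")
    host, port = remote
    if host in LOOPBACK_HOSTS:
        return Finding(value, host, port, False, "loopback host, no outbound authentication")
    try:
        ipaddress.ip_address(host)
        kind = "IP literal"
    except ValueError:
        kind = "hostname"
    transport = f"WebDAV port {port}" if port else "SMB"
    return Finding(value, host, port, True,
                   f"remote {kind} reached over {transport}; Outlook will authenticate to it")


def scan_item(props: dict[int, str]) -> Optional[Finding]:
    """Inspect one calendar/task/mail item's extracted properties.

    Returns None when the item has no custom reminder sound at all, which is
    the normal case and not a finding.
    """
    value = props.get(PIDLID_REMINDER_FILE_PARAMETER)
    if value is None:
        return None
    return classify(value)


def triage(values: list[str]) -> list[Finding]:
    return [classify(v) for v in values]


# Constructed sample values; 203.0.113.0/24 is documentation address space.
CONSTRUCTED_SAMPLES = [
    r"C:\Windows\Media\Alarm01.wav",                    # ordinary local sound file
    r"\\fileserver.corp.example\sounds\chime.wav",      # internal UNC: still authenticates outbound
    r"\\203.0.113.10\share\reminder.wav",               # classic exploit shape, SMB to external IP
    r"\\203.0.113.10@80\dav\reminder.wav",              # WebDAV-over-UNC variant
    r"file://203.0.113.10/share/reminder.wav",          # same host in URL spelling
    r"\\localhost\c$\Windows\Media\Alarm01.wav",        # loopback, nothing leaves the box
]

if __name__ == "__main__":
    for f in triage(CONSTRUCTED_SAMPLES):
        flag = "SUSPICIOUS" if f.suspicious else "ok        "
        print(f"{flag} {f.value!r}: {f.reason}")
```

Internal hostnames are flagged too: an attacker who has compromised one host on the network can use it as the relay target, so the finding is worth a look even when the host is "ours"; rank IP literals and unknown domains first.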
