🇷🇺

Midnight Blizzard

High Confidence | Critical Threat

APT29 • NOBELIUM • The Dukes • Cozy Bear • Dark Halo • StellarParticle

Midnight Blizzard is a highly sophisticated Russian cyber espionage group attributed by the US and UK governments to the Foreign Intelligence Service of the Russian Federation (SVR). Active since at least 2008, the group is one of Russia's longest-running and most capable APT operations, responsible for some of the most significant cyber intrusions in history including the 2020 SolarWinds supply chain compromise. The group has demonstrated exceptional adaptability, evolving its tactics to target cloud-based infrastructure as organizations modernize their systems. In 2024, Midnight Blizzard gained significant attention for breaching Microsoft's corporate email system and accessing executive communications and source code, as well as compromising Hewlett Packard Enterprise's cloud-based email.

Origin: Russia
Sponsor: SVR (Foreign Intelligence Service)
Active: 2008 - Present
Victims: Thousands (including 18,000+ via SolarWinds)
Elite | Active | Espionage, Intelligence Collection
Risk Assessment

Composite Risk Score: 92 (Critical Risk)
ARCS Compliance: 95
Escalation Risk: 92
Grievance Index: 88
Infrastructure Impact: 90

History & Evolution

Targeting

Target Sectors

Government, Technology, Think Tanks, Healthcare, Energy, Defense

Target Regions

United States, United Kingdom, European Union, NATO Countries, Global

Attribution & Affiliations

Attributed to the SVR (Foreign Intelligence Service), Russia. Attribution confidence: High.

Intelligence Assessment

Threat Level: Critical
Targeting: High
Adaptability: High
Persistence: Very High
Op Tempo: Continuous
Status: Active

Future Outlook

Midnight Blizzard remains one of the most capable and persistent threat actors globally. The group continues to adapt its tactics to target cloud infrastructure.

Timeline of Key Events

2008 (Major): First observed APT29/Cozy Bear activity
2016 (Major): DNC breach attributed to APT29
2020 (Major): SolarWinds supply chain compromise discovered
January 2024 (Major): Microsoft corporate email breach disclosed