Microsoft collaborated with the Netherlands General Intelligence and Security Service (AIVD) and the Netherlands Defense Intelligence and Security Service (MIVD), which released a separate advisory on the group. The Dutch services investigated Void Blizzard after the group successfully compromised the Dutch police in September 2024.
The group's targeting overlaps with that of other known Russian state-run cyber groups, including APT28 aka Fancy Bear, APT29 aka Cozy Bear, and Turla aka Venomous Bear, which Microsoft tracks as Forest Blizzard, Midnight Blizzard and Secret Blizzard respectively. Compared to these groups, however, Void Blizzard uses less sophisticated techniques to achieve initial access.
Password spraying and infostealer data dumps
Until last month, Void Blizzard relied mostly on password spraying, a brute-force technique in which attackers try to guess passwords using lists of common passwords or passwords leaked in other data breaches. The group also buys passwords, as well as session cookies, from underground cybercriminal markets, an example of the growing threat posed by so-called infostealer logs, the data dumps produced by infostealer malware.
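Password spraying has a recognizable shape in authentication logs: one source tries many distinct accounts with only one or two failures per account, whereas classic brute force hammers a single account. The following detector is an added example written for this article, not code from Microsoft or the Dutch services. The log format, the sample lines and the thresholds (five distinct users within ten minutes, at most two failures per user) are constructed assumptions; a real deployment would tune them to the identity provider's sign-in logs. It also surfaces the alert a defender cares about most: a successful sign-in from a source that was just spraying, which is what a stolen or guessed password looks like once it works.

```python
"""Detect password-spraying patterns in failed-login records.

Added example (not from the article). Spraying shows up as one source
trying many distinct usernames with few failures per user, unlike brute
force against a single account.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines: "timestamp user result source_ip".
# 203.0.113.7 sprays six accounts then logs in as grace (spray, then success).
# 198.51.100.4 hammers one account (brute force, not spraying).
# 192.0.2.9 is a single ordinary failed login.
SAMPLE_LOG = """\
2025-05-01T08:00:01 alice FAIL 203.0.113.7
2025-05-01T08:00:03 bob FAIL 203.0.113.7
2025-05-01T08:00:05 carol FAIL 203.0.113.7
2025-05-01T08:00:07 dave FAIL 203.0.113.7
2025-05-01T08:00:09 erin FAIL 203.0.113.7
2025-05-01T08:00:11 frank FAIL 203.0.113.7
2025-05-01T08:00:13 grace OK 203.0.113.7
2025-05-01T08:01:00 alice FAIL 198.51.100.4
2025-05-01T08:01:02 alice FAIL 198.51.100.4
2025-05-01T08:01:04 alice FAIL 198.51.100.4
2025-05-01T08:01:06 alice FAIL 198.51.100.4
2025-05-01T08:01:08 alice FAIL 198.51.100.4
2025-05-01T08:01:10 alice FAIL 198.51.100.4
2025-05-01T09:30:00 bob FAIL 192.0.2.9
"""


def parse_log(text):
    """Parse the constructed four-column format into (ts, user, result, ip)."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, result, ip = line.split()
        events.append((datetime.fromisoformat(ts), user, result, ip))
    return events


def detect_spray(events, window=timedelta(minutes=10), min_users=5, max_per_user=2):
    """Return {source_ip: sorted usernames} for sources that fit the spraying shape.

    A source is flagged when, inside any sliding time window, it fails against
    at least `min_users` distinct accounts with no more than `max_per_user`
    failures against any single one of them (assumed thresholds).
    """
    failures = defaultdict(list)  # ip -> [(timestamp, user), ...]
    for ts, user, result, ip in events:
        if result == "FAIL":
            failures[ip].append((ts, user))

    findings = defaultdict(set)
    for ip, fails in failures.items():
        fails.sort()
        start = 0
        for end in range(len(fails)):
            # Advance the window start so fails[start:end+1] spans <= window.
            while fails[end][0] - fails[start][0] > window:
                start += 1
            per_user = defaultdict(int)
            for _, user in fails[start:end + 1]:
                per_user[user] += 1
            if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
                findings[ip].update(per_user)
    return {ip: sorted(users) for ip, users in findings.items()}


def successes_from_spraying_sources(events, findings):
    """High-priority alerts: successful sign-ins from a source already flagged as spraying."""
    return sorted((user, ip) for _, user, result, ip in events
                  if result == "OK" and ip in findings)


if __name__ == "__main__":
    evts = parse_log(SAMPLE_LOG)
    sprays = detect_spray(evts)
    for ip, users in sprays.items():
        print(f"spraying source {ip}: {len(users)} accounts targeted: {', '.join(users)}")
    for user, ip in successes_from_spraying_sources(evts, sprays):
        print(f"ALERT: successful sign-in for {user} from spraying source {ip}")
```

The brute-force source is deliberately left out of the findings: it is a different pattern and usually a different, per-account lockout control. Spraying is what lockout thresholds are designed to evade, which is why the detection keys on the source and the breadth of accounts rather than on failures per account, and why the response is phishing-resistant MFA and session protection rather than tighter lockout.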