Hunting for APT29 Spear Phishing Using XDR


On May 27, 2021, Microsoft reported a wide-scale spear phishing campaign attributed to APT29, the same threat actor responsible for the SolarWinds campaign, SolarStorm. This attack had a wide range of targets for an APT spear phishing campaign—about 3,000 email accounts targeted within 150 organizations. 


We can help!

Given the high impact of a potential attack by APT29 and the technical prowess seen in SolarStorm, we strongly advise Palo Alto Networks customers to update to the latest XDR Agent and content version, and to hunt for threats using the supplied XQL queries and the existing protection mechanisms within Cortex XDR.


To learn more, please read "Hunting for APT29 Spear Phishing Using XDR."

Last update: 06-10-2021 08:50 AM