The StellarParticle campaign, linked to the COZY BEAR adversary group, shows the group's sophisticated use of novel tactics and techniques to infiltrate multiple organizations' systems and to leverage that access for espionage and financial gain. CrowdStrike's investigation revealed the group's methods, including credential hopping, browser cookie theft to bypass multifactor authentication, and the use of malware families such as TrailBlazer and a Linux variant of GoldMax to maintain persistence. The campaign also exploited Microsoft O365 environments through service principal manipulation and application impersonation, targeted sensitive information repositories, and drew on advanced knowledge of victims' infrastructures. These actions highlight the threat actors' capacity to remain undetected for extended periods, and they reflect a high level of operational security and a comprehensive understanding of Windows and Linux systems as well as cloud environments.