Source: NCSC
Many of the sectors targeted by the SVR, including think tanks, healthcare, and education, have moved to cloud-based infrastructure, which means that traditional means of access, such as the exploitation of software vulnerabilities, are more limited.
Instead, over the past 12 months SVR actors have been observed stealing system-issued access tokens to compromise victim accounts, enrolling new devices to the victim’s cloud environment via credential reuse from personal accounts, and targeting system accounts with password spraying and brute forcing, which are enabled by weak passwords and the absence of 2-step verification (2SV).
Once initial access has been gained, the actor is then capable of deploying highly sophisticated capabilities.
Along with updated threat information, the advisory also provides mitigation advice on how to counter the evolving tactics of APT29. The NCSC assesses that APT29, also known as Midnight Blizzard, the Dukes, or Cozy Bear, is a cyber espionage group which almost certainly operates as part of Russia’s Foreign Intelligence Service.