
Irish Information Security Forum

Evolving tactics used by Russian state-linked cyber actors

Source: NCSC

 

In a new joint advisory, the National Cyber Security Centre (NCSC), which is a part of GCHQ, and agencies in the United States, Australia, Canada, and New Zealand have detailed how the threat group known as APT29 has adapted its intelligence-gathering techniques to target organisations that have moved to cloud-hosted environments.

 

Many of the sectors targeted by the SVR, including think tanks, healthcare, and education, have moved to cloud-based infrastructure, which means that traditional means of access, such as the exploitation of software vulnerabilities, are more limited.

 

Instead, over the past 12 months SVR actors have been observed stealing system-issued access tokens to compromise victim accounts, enrolling new devices to the victim’s cloud environment via credential reuse from personal accounts, and targeting system accounts with password spraying and brute forcing, which are made successful by weak passwords and the absence of 2-step verification (2SV).

 

Once initial access has been gained, the actor is then capable of deploying highly sophisticated capabilities.

Along with updated threat information, the advisory also provides mitigation advice on how to counter the evolving tactics of APT29. The NCSC assesses that APT29, also known as Midnight Blizzard, the Dukes, or Cozy Bear, is a cyber espionage group which almost certainly operates as part of Russia’s Foreign Intelligence Service.

 

Download Full Advisory

SVR cyber actors adapt tactics for cloud access

 

 
