SVR’s TTPs and General Tradecraft Detailed
U.S. and U.K. cyber, law enforcement and intelligence agencies issued a joint advisory Friday offering detailed information on how to defend against the activities of the Russian Foreign Intelligence Service, or SVR, in the wake of the 2020 SolarWinds attacks.
The U.K.’s National Cyber Security Center, the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, the FBI and the National Security Agency say the SVR, through its threat group APT29, will continue to attack, so organizations need to understand the threat facing them.
“APT29 will continue to seek intelligence from U.S. and foreign entities through cyber exploitation, using a range of initial exploitation techniques that vary in sophistication, coupled with stealthy intrusion tradecraft within compromised networks. The SVR primarily targets government networks, think tank and policy analysis organizations, and information technology companies,” CISA says in its own alert.
CISA attributed the SolarWinds supply chain attack that resulted in follow-on attacks on nine government departments and 100 private companies to APT29, also known as The Dukes, Cozy Bear and Yttrium. The agency notes that the SVR’s cyber operations have posed a…