Security News > 2021 > April > FBI, CISA Uncover Tactics Employed by Russian Intelligence Hackers
The U.S. Cybersecurity and Infrastructure Security Agency, Department of Homeland Security, and the Federal Bureau of Investigation on Monday published a new joint advisory as part of their latest attempts to expose the tactics, techniques, and procedures adopted by the Russian Foreign Intelligence Service in its attacks targeting the U.S and foreign entities.
By employing "Stealthy intrusion tradecraft within compromised networks," the intelligence agencies said, "The SVR activity-which includes the recent SolarWinds Orion supply chain compromise-primarily targets government networks, think tank and policy analysis organizations, and information technology companies and seeks to gather intelligence information."
In a noticeable shift in tactics in 2018, the actor moved from deploying malware on target networks to striking cloud-based email services, a fact borne by the SolarWinds attack, wherein the actor leveraged Orion binaries as an intrusion vector to exploit Microsoft Office 365 environments.
This similarity in post-infection tradecraft with other SVR-sponsored attacks, including in the manner the adversary laterally moved through the networks to obtain access to email accounts, is said to have played a huge role in attributing the SolarWinds campaign to the Russian intelligence service, despite a notable departure in the method used to gain an initial foothold.
Among some of the other tactics put to use by APT29 are password spraying, exploiting zero-day flaws against virtual private network appliances to obtain network access, and deploying a Golang malware called WELLMESS to plunder intellectual property from multiple organizations involved in COVID-19 vaccine development.
"The FBI and DHS recommend service providers strengthen their user validation and verification systems to prohibit misuse of their services," the advisory read, while also urging businesses to secure their networks from a compromise of trusted software.
News URL
Related news
- Russian laundering millions for Lazarus hackers arrested in Argentina (source)
- Russian APT29 hackers use iOS, Chrome exploits created by spyware vendors (source)
- Russian Hackers Exploit Safari and Chrome Flaws in High-Profile Cyberattack (source)
- Russian military hackers linked to critical infrastructure attacks (source)
- FBI Cracks Down on Dark Web Marketplace Managed by Russian and Kazakh Nationals (source)
- U.S. Offers $10 Million for Info on Russian Cadet Blizzard Hackers Behind Major Attacks (source)
- CISA: Hackers target industrial systems using “unsophisticated methods” (source)
- Microsoft and DOJ disrupt Russian FSB hackers' attack infrastructure (source)
- 100+ domains seized to stymie Russian Star Blizzard hackers (source)
- Pro-Ukrainian Hackers Strike Russian State TV on Putin's Birthday (source)