Russian cyber-spies changed tactics after the UK and US outed their techniques – so here's a list of those changes
Security News, May 2021
Russian spies from APT29 responded to Western agencies outing their tactics by adopting a red-teaming tool to blend into targets' networks as a legitimate pentesting exercise.
A couple of weeks ago, Britain and the US joined forces to out the SVR's Tactics, Techniques and Procedures, giving the world's infosec defenders a chance to look out for the state-backed hackers' fingerprints on their networked infrastructure.
"SVR cyber operators appear to have reacted to this report by changing their TTPs in an attempt to avoid further detection and remediation efforts by network defenders," said the poker-faced NCSC today, in an advisory detailing precisely what those changed TTPs are.
On top of all that, the SVR is also posing as legitimate red-team pentesters: looking for easy camouflage, the spies hopped onto GitHub and downloaded the free open-source Sliver red-teaming platform, in what the NCSC described as "an attempt to maintain their accesses."
There are more vulns being abused by the Russians, and the full advisory listing them can be read on the NCSC website.
Drawing on this, the NCSC has published a set of "Connected places cyber security principles" for operators of public spaces with connectivity kit and sensors in them.