Russian Hackers Have Updated Their Techniques

Hackers working for the Russian Government have updated their attack techniques. The US and UK governments have accused Russian intelligence of carrying out cyber attacks using new techniques after it was exposed that its hackers continue to target governments, organisations and energy providers around the world.

These new cyber attack techniques include exploiting vulnerabilities such as the recent Microsoft Exchange zero-days, as its hackers continue to target governments, organisations and energy providers around the world.

A joint advisory by the US Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA), the FBI and the National Security Agency, as well as the UK National Cyber Security Centre (NCSC), warns organisations about updated Tactics, Techniques and Procedures (TTPs) used by Russia's foreign intelligence service, the SVR. This group is more often referred to as APT29, Cozy Bear and The Dukes. “The SVR is Russia’s civilian foreign intelligence service. The group uses a variety of tools and techniques to predominantly target overseas governmental, diplomatic, think-tank, healthcare and energy targets globally for intelligence gain... The SVR is a technologically sophisticated and highly capable cyber actor. It has developed capabilities to target organisations globally, including in the UK, US, Europe, NATO member states and Russia’s neighbours”, says the report.

This comes after cyber security agencies in the US and the UK attributed the SolarWinds attack to Russia’s civilian foreign intelligence service, as well as several campaigns targeting Covid vaccine developers. However, in an unprecedented BBC interview, the head of the SVR, Sergei Naryshkin, denied responsibility and blamed Western intelligence agencies for carrying out the SolarWinds exploit.

The joint advisory warns that Russian cyber attackers have updated their techniques and procedures in an effort to infiltrate networks and avoid detection, especially where organisations have attempted to adjust their defences after previous alerts about cyber threats. This includes the attackers using the open source tool Sliver as a means of maintaining access to compromised networks, and making use of numerous vulnerabilities.

Sliver is a red team tool, used by penetration testers when legally and legitimately testing network security, but in this case it is being abused to consolidate access to networks already compromised with WellMess and WellMail, custom malware associated with SVR attacks.

Despite the often advanced nature of the attacks, the cyber security advisory says that "following basic cyber security principles will make it harder for even sophisticated actors to compromise target networks".

Russia is home to many of the most active cyber criminals, and the theft, fraud and numerous other crimes they commit appear to be tolerated by the Russian authorities, provided the victims reside in those nations that the Kremlin considers to be enemies.

Sources: NCSC, MIT, NextGov, IronNet, Economic Times, ZDNet, OmmCom News
