SVR Cyber Actors Adapt Tactics for Initial Cloud Access
Recent TTPs of APT29, linked to Russian SVR, detailed. Joint assessment by international partners underscores severity. Mitigation advice provided.
TLP:CLEAR
Overview
This advisory details recent tactics, techniques and procedures (TTPs) of the group commonly known as APT29, also known as Midnight Blizzard, the Dukes or Cozy Bear. The UK National Cyber Security Centre (NCSC) and international partners assess that APT29 is a cyber espionage group, almost certainly part of the SVR, an element of the Russian intelligence services. The US National Security Agency (NSA), the US Cybersecurity and Infrastructure Security Agency (CISA), the US Cyber National Mission Force (CNMF), the Federal Bureau of Investigation (FBI), Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), the Canadian Centre for Cyber Security (CCCS) and the New Zealand National Cyber Security Centre (NCSC) agree with this attribution and the details provided in this advisory. This advisory provides an overview of TTPs deployed by the actor to gain initial access into the cloud environment and includes advice to detect and mitigate this activity.
Please click here to read more detail
TLP:CLEAR