Russian Hackers Have Updated Their Techniques

Hackers working for the Russian Government have updated their attack techniques. Russian intelligence has been accused by the US and UK governments of carrying out cyber attacks using new techniques after it was exposed that its hackers continue to target governments, organisations and energy providers around the world. 

These new cyber attack techniques include exploiting vulnerabilities like the recent Microsoft Exchange zero-days.

A joint advisory by the US Department of Homeland Security's Cybersecurity and Infrastructure Security Agency, the FBI and the National Security Agency, as well as the UK National Cyber Security Centre, warns organisations about updated Tactics, Techniques and Procedures (TTP) used by Russia's foreign intelligence service, the SVR. This group is more often referred to as APT29, Cozy Bear and The Dukes. “The SVR is Russia’s civilian foreign intelligence service. The group uses a variety of tools and techniques to predominantly target overseas governmental, diplomatic, think-tank, healthcare and energy targets globally for intelligence gain... The SVR is a technologically sophisticated and highly capable cyber actor. It has developed capabilities to target organisations globally, including in the UK, US, Europe, NATO member states and Russia’s neighbours”, says the report.

This comes after cyber security agencies in the US and the UK attributed the SolarWinds attack to Russia’s civilian foreign intelligence service, as well as several campaigns targeting Covid vaccine developers. However, in an unprecedented BBC interview, the head of the SVR, Sergei Naryshkin, denied responsibility and accused Western intelligence agencies of carrying out the SolarWinds exploit.

The joint advisory warns that Russian cyber attackers have updated their techniques and procedures in an effort to infiltrate networks and avoid detection, especially where organisations have attempted to adjust their defences after previous alerts about cyber threats. This includes the attackers using the open source tool Sliver as a means of maintaining access to compromised networks, and making use of numerous vulnerabilities.

Sliver is a Red Team tool, a tool used by penetration testers when legally and legitimately testing network security, but in this case it is being abused to consolidate access to networks compromised with WellMess and WellMail, custom malware that is associated with SVR attacks.

Despite the often advanced nature of the attacks, the cybersecurity advisory says that "following basic cyber security principles will make it harder for even sophisticated actors to compromise target networks".

Russia is home to many of the most active cyber criminals, and the theft, fraud and numerous other crimes they commit appear to be tolerated by the Russian authorities, provided the victims reside in those nations that the Kremlin considers to be enemies.

Sources: NCSC, MIT, NextGov, IronNet, Economic Times, ZDNet, OmmCom News
