Russian Hackers Have Updated Their Techniques

Hackers working for the Russian Government have updated their attack techniques. Russian intelligence has been accused by the US and UK governments of carrying out cyber attacks using new techniques after it was exposed that its hackers continue to target governments, organisations and energy providers around the world. 

The new cyber attack techniques include exploiting vulnerabilities like the recent Microsoft Exchange zero-days, as Russian hackers continue to target governments, organisations and energy providers around the world.

A joint advisory by the US Department of Homeland Security's Cybersecurity and Infrastructure Security Agency, the FBI and the National Security Agency, as well as the UK National Cyber Security Centre, warns organisations about updated Tactics, Techniques and Procedures (TTP) used by Russia's foreign intelligence service, the SVR. This group is more often referred to as APT29, Cozy Bear and The Dukes. “The SVR is Russia’s civilian foreign intelligence service. The group uses a variety of tools and techniques to predominantly target overseas governmental, diplomatic, think-tank, healthcare and energy targets globally for intelligence gain... The SVR is a technologically sophisticated and highly capable cyber actor. It has developed capabilities to target organisations globally, including in the UK, US, Europe, NATO member states and Russia’s neighbours”, says the report.

This comes after cyber security agencies in the US and the UK attributed the SolarWinds attack, as well as several campaigns targeting Covid vaccine developers, to Russia’s civilian foreign intelligence service. However, in an unprecedented BBC interview, the head of the SVR, Sergei Naryshkin, denied responsibility and accused Western intelligence agencies of carrying out the SolarWinds exploit.

The joint advisory warns that Russian cyber attackers have updated their techniques and procedures in an effort to infiltrate networks and avoid detection, especially where organisations have attempted to adjust their defences after previous alerts about cyber threats. This includes the attackers using the open source tool Sliver as a means of maintaining access to compromised networks, and making use of numerous vulnerabilities.

Sliver is a Red Team tool, used by penetration testers when legally and legitimately testing network security, but in this case it is being abused to consolidate access to networks compromised with WellMess and WellMail, custom malware that is associated with SVR attacks.

Despite the often advanced nature of the attacks, the cybersecurity advisory says that "following basic cyber security principles will make it harder for even sophisticated actors to compromise target networks".

Russia is home to many of the most active cyber criminals, and the theft, fraud and numerous other crimes they commit appear to be tolerated by the Russian authorities, provided the victims reside in nations that the Kremlin considers to be enemies.

Sources: NCSC, MIT, NextGov, IronNet, Economic Times, ZDNet, OmmCom News
