Russian hackers shift to cloud attacks, US and allies warn

February 26, 2024 at 12:35PM

The Five Eyes intelligence alliance issued a warning about increased targeting of cloud services by APT29, a Russian hacking group. A joint advisory by international cybersecurity agencies highlights APT29’s tactics, including compromising access credentials and exploiting dormant accounts. Recommendations for defenders include enabling multi-factor authentication and using strong passwords, among others, to safeguard against these attacks.

The Five Eyes intelligence alliance is warning about increased targeting of cloud services by the Russian Foreign Intelligence Service (SVR) hackers known as APT29. The SVR is adapting to modernized systems and increasingly targeting cloud-based infrastructure, using various means to gain access to its targets. To defend against these attacks, network defenders are advised to enable multi-factor authentication (MFA), use strong passwords, apply the principle of least privilege, create canary service accounts, and monitor for indicators of compromise. Additionally, they should minimize session lifetimes and only allow device enrollment for authorized devices. These measures are recommended to strengthen defenses against APT29’s tactics for initial access.