Five Eyes Agencies Expose APT29’s Evolving Cloud Attack Tactics

February 27, 2024 at 05:45AM

Cybersecurity and intelligence agencies from the Five Eyes nations have issued a joint advisory on the evolving tactics of APT29, a Russian state-sponsored threat actor known by several aliases. The advisory attributes the group to Russia's Foreign Intelligence Service (SVR) and describes how it now targets organizations' cloud infrastructure, gaining initial access through password spraying and by authenticating with stolen access tokens rather than passwords.

Key takeaways from the advisory:

– Cybersecurity and intelligence agencies from the Five Eyes nations have released a joint advisory detailing the evolving tactics of the Russian state-sponsored threat actor APT29, also tracked as BlueBravo, Cloaked Ursa, Cozy Bear, Midnight Blizzard, and The Dukes.
– APT29 is assessed to be affiliated with the Foreign Intelligence Service (SVR) of the Russian Federation and has recently targeted Microsoft, Hewlett Packard Enterprise (HPE), and other organizations as part of its cyber espionage activities.
– The SVR has adapted its tradecraft to cloud-based infrastructure: it gains initial access through brute-force and password-spraying attacks, particularly against service accounts and dormant accounts that lack strong MFA; it authenticates with stolen access tokens so that no password is needed; and it bypasses multi-factor authentication (MFA), for example by repeatedly sending MFA push prompts until a user accepts one ("MFA bombing") and then enrolling an attacker-controlled device on the tenant.
– The SVR also routes its traffic through residential proxies, so that connections appear to originate from IP addresses in internet service provider (ISP) ranges assigned to residential broadband customers. This conceals the true origin of the activity and makes malicious sign-ins hard to distinguish from ordinary user traffic, which blunts IP-reputation blocking and other network-based indicators.
– Organizations using cloud infrastructure should prioritize defending against the SVR's initial-access tactics, techniques, and procedures (TTPs), because once the actor is inside it can deploy sophisticated post-compromise capabilities such as MagicWeb, a malicious AD FS component that lets the actor authenticate as any user in the environment.
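The password-spraying and residential-proxy points above have a direct detection consequence: a spray spread across rotating residential IPs keeps every per-IP failure count below a naive threshold, so the detection has to pivot on something the actor reuses across proxies (here the user agent) rather than on the source address. The following is an added example, not code from the advisory or from any vendor's product, that runs both pivots over a constructed sign-in log and then checks whether any sprayed account subsequently authenticated successfully from the flagged source. The JSON field names (`ts`, `user`, `src_ip`, `user_agent`, `result`), the fixed one-hour window, and the thresholds are assumptions for this example.

```python
"""Password-spray detection over constructed cloud sign-in log lines.

Added example only; the log format and thresholds are assumptions,
not any identity provider's real schema or any published rule.
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample log: one JSON object per line. Lines 1-4 are a user who
# mistyped a password three times and then got in (not a spray). Lines 6-13 are
# a low-and-slow spray across three residential-proxy IPs that share one client
# user agent, and line 14 is a sprayed account later logging in from a spray IP.
SAMPLE_LOG = """\
{"ts": "2024-02-20T08:00:10Z", "user": "b.smith", "src_ip": "198.51.100.10", "user_agent": "Mozilla/5.0 (Windows NT 10.0) Chrome/121", "result": "failure"}
{"ts": "2024-02-20T08:00:45Z", "user": "b.smith", "src_ip": "198.51.100.10", "user_agent": "Mozilla/5.0 (Windows NT 10.0) Chrome/121", "result": "failure"}
{"ts": "2024-02-20T08:01:30Z", "user": "b.smith", "src_ip": "198.51.100.10", "user_agent": "Mozilla/5.0 (Windows NT 10.0) Chrome/121", "result": "failure"}
{"ts": "2024-02-20T08:02:05Z", "user": "b.smith", "src_ip": "198.51.100.10", "user_agent": "Mozilla/5.0 (Windows NT 10.0) Chrome/121", "result": "success"}
{"ts": "2024-02-20T08:30:00Z", "user": "a.ivanova", "src_ip": "198.51.100.22", "user_agent": "Mozilla/5.0 (Macintosh) Safari/17", "result": "success"}
{"ts": "2024-02-20T09:05:01Z", "user": "k.adams", "src_ip": "203.0.113.5", "user_agent": "python-requests/2.31", "result": "failure"}
{"ts": "2024-02-20T09:05:09Z", "user": "l.brown", "src_ip": "203.0.113.5", "user_agent": "python-requests/2.31", "result": "failure"}
{"ts": "2024-02-20T09:05:17Z", "user": "m.chen", "src_ip": "203.0.113.5", "user_agent": "python-requests/2.31", "result": "failure"}
{"ts": "2024-02-20T09:07:02Z", "user": "n.diaz", "src_ip": "203.0.113.6", "user_agent": "python-requests/2.31", "result": "failure"}
{"ts": "2024-02-20T09:07:11Z", "user": "o.evans", "src_ip": "203.0.113.6", "user_agent": "python-requests/2.31", "result": "failure"}
{"ts": "2024-02-20T09:07:20Z", "user": "p.fox", "src_ip": "203.0.113.6", "user_agent": "python-requests/2.31", "result": "failure"}
{"ts": "2024-02-20T09:11:40Z", "user": "q.gray", "src_ip": "203.0.113.7", "user_agent": "python-requests/2.31", "result": "failure"}
{"ts": "2024-02-20T09:11:48Z", "user": "r.hall", "src_ip": "203.0.113.7", "user_agent": "python-requests/2.31", "result": "failure"}
{"ts": "2024-02-20T09:40:00Z", "user": "m.chen", "src_ip": "203.0.113.7", "user_agent": "python-requests/2.31", "result": "success"}
"""


def parse_signins(text):
    """Parse JSON-lines sign-in records, converting ts to an aware UTC datetime."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append(rec)
    return events


def bucket(ts, window):
    """Floor a timestamp to a fixed window so events are grouped per interval."""
    epoch = int(ts.timestamp())
    width = int(window.total_seconds())
    return datetime.fromtimestamp(epoch - epoch % width, tz=timezone.utc)


def detect_spray(events, key, window=timedelta(hours=1), min_users=5, max_per_user=2):
    """Flag (window, key value) pairs where one source fans out across many accounts.

    key="src_ip" catches a spray from a single address. key="user_agent" catches the
    same spray spread over rotating residential-proxy IPs, where every per-IP count
    stays under min_users. Users with more than max_per_user failures are excluded
    from the count: that is a lockout or a forgetful user, not a spray pattern.
    """
    failures = defaultdict(lambda: defaultdict(int))  # (window, key) -> user -> failures
    ips = defaultdict(set)                            # (window, key) -> source IPs seen
    for e in events:
        if e["result"] != "failure":
            continue
        k = (bucket(e["ts"], window), e[key])
        failures[k][e["user"]] += 1
        ips[k].add(e["src_ip"])
    alerts = []
    for k, per_user in failures.items():
        low_and_wide = [u for u, n in per_user.items() if n <= max_per_user]
        if len(low_and_wide) >= min_users:
            alerts.append({"window_start": k[0], key: k[1],
                           "targeted_users": sorted(low_and_wide),
                           "distinct_ips": len(ips[k])})
    return alerts


def successes_after_spray(events, alerts, key):
    """Sprayed accounts that later authenticated from the flagged source: triage these first."""
    hits = []
    for a in alerts:
        targeted = set(a["targeted_users"])
        for e in events:
            if (e["result"] == "success" and e[key] == a[key]
                    and e["user"] in targeted and e["ts"] >= a["window_start"]):
                hits.append((e["user"], e["src_ip"], e["ts"]))
    return hits


if __name__ == "__main__":
    evs = parse_signins(SAMPLE_LOG)
    print("per-IP alerts:", detect_spray(evs, "src_ip"))          # empty: proxies hide it
    ua_alerts = detect_spray(evs, "user_agent")
    print("per-user-agent alerts:", ua_alerts)                      # one alert, 8 users, 3 IPs
    print("successes after spray:", successes_after_spray(evs, ua_alerts, "user_agent"))
```

The per-IP pivot returns nothing for the constructed spray, which is exactly the effect the advisory describes for residential proxies; the user-agent pivot catches it, and the follow-up check surfaces the one account (`m.chen`) that the actor got into. In production the pivot would be whichever attribute the actor fails to vary (client application ID, TLS fingerprint, ASN), and the fixed hourly bucket would be replaced by a sliding window so a spray straddling the hour boundary is not split.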

