Joint advisory: Further TTPs associated with SVR cyber actors
The NCSC, CISA, FBI and NSA publish advice on detection and mitigation of SVR activity following the attribution of the SolarWinds compromise.
CISA, the FBI, the NSA, and the UK’s National Cyber Security Centre (NCSC) are alerting organizations to updated Tactics, Techniques and Procedures (TTPs) used by the Russian Foreign Intelligence Service (SVR) cyber operations group, also known as APT29 and Cozy Bear, among other names. The alert urges organizations to apply available patches for several known vulnerabilities, in an advisory following the public attribution of the SolarWinds compromise in 2020 to the SVR.
Matias Katz, CEO, Byos: “The old saying ‘the only two things certain in life: death and taxes’ should be modified to ‘death, taxes, and vulnerabilities.’ One viable strategy for managing this inevitability is network micro-segmentation following a zero trust architecture. With this, vulnerable endpoints can be properly isolated from the network to proactively limit any potential damage that can be done if these vulnerabilities are exploited.”
Saryu Nayyar, CEO, Gurucul (she/her): “Once again, we see Russian cyber attacks targeting vulnerabilities in popular networking and web server applications including FortiGate, Cisco, Oracle WebLogic, Citrix, VMware and F5. As long as there are still unpatched systems accessible on the open internet, we will see attacks like this. The payloads may change depending on what the threat actor is after, but attackers will continue to leverage vulnerabilities in web servers, routers and virtualization software until there aren’t any vulnerable hosts to exploit. This series of attacks is a reminder of how important it is to patch security vulnerabilities, and to make sure the network is protected with an up-to-date security stack.”