Adrian Johnson
TLDR:
– Five Eyes intelligence agencies warn of new tactics used by Russian cyber threat actors, particularly APT29.
– APT29, also known as Midnight Blizzard, Dukes, or Cozy Bear, is targeting organizations shifting to cloud-based infrastructure.
In a joint advisory, the UK’s National Cyber Security Centre (NCSC) and other Five Eyes intelligence agencies have exposed evolving tactics employed by Russian-linked cyber threat actors. The advisory focuses on APT29, a threat group associated with Russia’s Foreign Intelligence Service (SVR), known for adjusting its strategies to target organizations transitioning to cloud-hosted environments.
While traditionally SVR actors exploited software vulnerabilities, the shift towards cloud infrastructure in various sectors has led them to employ new tactics. They are now stealing system-issued access tokens, enrolling new devices into victim cloud environments via credential reuse, and using password spraying and brute force techniques to exploit weak passwords and absence of 2-step verification.
Once initial access is obtained, the SVR can deploy sophisticated capabilities, posing a significant threat to organizations’ data security and integrity. The NCSC urges organizations to familiarize themselves with the advisory to defend their networks against these new tactics.
The advisory was jointly published by the NCSC, US Cyber National Mission Force, US CISA, FBI, ASD, CCCS, and NCSC NZ. This warning highlights the importance of staying vigilant and adapting to the evolving techniques of cyber threat actors.
