Pixelette Technologies

FBI And Other US Agencies Uncover Activities By Russian Intelligence Hackers

The U.S. The Department of Homeland Security (DHS), the FBI, and the Cyber security and Infrastructure Security Agency have released a joint advisory on Monday.

It is seeking to expose Russian Foreign Intelligence Service (SVR) tactics, techniques, and procedures. SVR is accused of carrying out attacks targeting the U.S and foreign entities.

In their intelligence agencies report, “the SVR activity is targeted toward government networks, think tank and policy analysis organizations, and information technology companies primarily as a means of acquiring intelligence information via stealthy intrusion tradecraft within compromised networks.”

Cyberespionage campaign

In addition to AP 29, Dukes, Cozy Bear, and Yttrium, the cyber actor is also tracked as part of State Department sanctions against Russia.

The U.S. also formally identified the Cyberespionage campaign to be connected to SVR. 

It was confirmed that the attacks and threats were real and carried out by the Russian Foreign Intelligence Service.

Learn what is FBI and DHS are up to?

APT29, since gaining traction in 2013, has committed a number of attacks to infiltrate victim networks, moving undetected throughout their environment, and stealing sensitive information.

The actor changed tactics substantially in 2018, moving from targeting targeted networks to performing attacks on cloud-based email services.

This was borne out in the SolarWinds attack, where the actor infected Office 365 organizations using Orion binaries as an intrusion vector.

Post-attack activities

These post-infection activities appear to be similar to some other SVR-sponsored attacks, including the way the adversary moved through the networks in order to acquire email access.

As a result, solarwinds.com might have been blamed for these operations even if the method used to gain an initial foothold differed noticeably from FBI SolarWinds.com.

“Targeting cloud resources probably reduces the likelihood of detection by using compromised accounts or system misconfigurations to blend in with normal or unmonitored traffic in an environment not well defended, monitored, or understood by victim organizations,” the agency noted.

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments

Recent Posts

SUBSCRIBE FOR NEWSLETTER

Topic(s) Of Interest

Social Share

Share this post with your friends, if you found our content interesting.

× How can I help you?