The National Security Agency and partners from the U.S., Canada, Australia, the U.K. and New Zealand have released a joint cybersecurity advisory outlining the tactics, techniques and procedures used by Russian foreign intelligence service, or SVR, cyber actors to infiltrate cloud-hosted networks.
The advisory focuses on how the Russian SVR cyber actors, also known as APT29, Midnight Blizzard, the Dukes or Cozy Bear, target an organization’s cloud environment by logging into inactive accounts and automated system accounts using techniques such as password spraying.
“We, along with our valued partners in the U.K., have seen the potential for Russian state actors to infiltrate cloud environments and we’re responding accordingly. As the world modernizes their systems, we need to do all we can to reduce the attack surface for cyber actors to penetrate,” said Rob Joyce, NSA’s director of cybersecurity and a two-time Wash100 awardee.
According to the advisory, SVR threat actors have previously targeted governmental, think tank, healthcare and energy sectors and are expanding their campaigns to include aviation, law enforcement, education, defense and local and state governments.
To mitigate the threats, the advisory recommends that network defenders and organizations enforce cybersecurity measures, including system account management, conditional access policies, device enrollment, strong passwords, multifactor authentication and system updates.
The Potomac Officers Club will host the 2024 Cyber Summit on June 6 to discuss the ever-evolving role of cyber across the government sector. Click here to register!
