A joint cybersecurity advisory from the United States and allied countries revealed that the Russian General Staff Main Intelligence Directorate 85th Main Special Service Center, also known as APT28, Fancy Bear and Forest Blizzard in the cybersecurity community, launched a cyber-espionage campaign targeting Western government organizations, commercial logistics entities, transportation services and technology companies, including those involved in providing assistance to Ukraine.
The National Security Agency, one of the authors of the CSA, said Wednesday that the Russian state-sponsored cyber actor uses password spraying, spearphishing and modification of Microsoft Exchange mailbox permissions, among other previously disclosed and novel tactics, techniques and procedures—a.k.a. TTPs—to infiltrate target entities.
Cyber Risk Mitigation
The advisory urged at-risk organizations to increase monitoring and threat hunting for known TTPs and indicators of compromise to defend against potential cyberattacks. Recommended security mitigations include employing network segmentation and restrictions to limit access; considering zero trust principles when designing systems; collecting and monitoring Windows logs for certain events, especially for events that indicate that a log was cleared unexpectedly; and strengthening and refining the processes that manage digital identities and control access.
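As an added illustration of the log-monitoring recommendation above (this code is not from the advisory or its authoring agencies), the following Python flags two of the signals the advisory calls out over constructed sample records: event log clearing (Windows Security Event ID 1102 and the System log's Event ID 104) and a password-spraying pattern (one source failing logons, Event ID 4625, against many distinct accounts). The record field names, thresholds and sample events are assumptions.

```python
"""Small detection pass over exported Windows event records.
Records are dicts shaped like a flattened event export; the sample data
below is constructed for this example, not taken from the advisory."""
from collections import defaultdict

# Event IDs that indicate an event log was cleared (an "unexpected clear"
# is one with no matching change ticket or maintenance window).
LOG_CLEARED_IDS = {1102: "Security log cleared", 104: "System/application log cleared"}
LOGON_FAILURE_ID = 4625


def find_log_clears(events):
    """Return (timestamp, computer, description) for every log-clear event."""
    return [(e["time"], e["computer"], LOG_CLEARED_IDS[e["id"]])
            for e in events if e["id"] in LOG_CLEARED_IDS]


def find_password_spray(events, min_accounts=5):
    """Group 4625 logon failures by source IP and flag sources that failed
    against at least `min_accounts` distinct usernames: many users, one source
    is the spraying shape, as opposed to one user with many failures."""
    failed = defaultdict(set)
    for e in events:
        if e["id"] == LOGON_FAILURE_ID:
            failed[e["src_ip"]].add(e["user"].lower())
    return {ip: sorted(users) for ip, users in failed.items() if len(users) >= min_accounts}


# Constructed sample events: a spray from 203.0.113.7, one benign failure,
# one success after the spray, and a Security log clear on a domain controller.
SAMPLE_EVENTS = [
    {"time": f"2025-05-21T08:00:{i:02d}Z", "computer": "MAIL01", "id": 4625,
     "src_ip": "203.0.113.7", "user": u}
    for i, u in enumerate(["alice", "bob", "carol", "dave", "erin", "frank"])
] + [
    {"time": "2025-05-21T08:01:00Z", "computer": "MAIL01", "id": 4625,
     "src_ip": "198.51.100.9", "user": "alice"},   # one user mistyping a password
    {"time": "2025-05-21T08:05:00Z", "computer": "MAIL01", "id": 4624,
     "src_ip": "203.0.113.7", "user": "frank"},    # successful logon after the spray
    {"time": "2025-05-21T09:30:00Z", "computer": "DC01", "id": 1102,
     "src_ip": "", "user": "SYSTEM"},              # Security audit log cleared
]

if __name__ == "__main__":
    for clear in find_log_clears(SAMPLE_EVENTS):
        print("LOG CLEARED:", clear)
    for ip, users in find_password_spray(SAMPLE_EVENTS).items():
        print(f"POSSIBLE SPRAY from {ip}: {len(users)} accounts {users}")
```

A successful 4624 from the same source shortly after a flagged spray is the follow-up worth triaging first.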
The CSA identified the countries with targeted entities, including Bulgaria, the Czech Republic, France, Germany, Greece, Italy, Moldova, the Netherlands, Poland, Romania, Slovakia, Ukraine and the United States.
Cyber Operations Linked to Russia-Ukraine Conflict
According to the advisory, the Russian cyber group likely used access to internet-connected private cameras in Ukraine and near border crossings, military installations and rail stations to track the movement of materials into Kyiv. The actors targeted Real-Time Streaming Protocol servers hosting IP cameras primarily located in Ukraine as early as March 2022 in a large-scale campaign, which included attempts to enumerate devices and gain access to the cameras’ feeds, the CSA added.
To defend against the malicious activity, the advisory recommended applying security patches and firmware updates to all IP cameras, disabling remote access and using a firewall to prevent communication with the camera from IP addresses not on an allowlist.
The CSA’s authoring agencies include the NSA, the FBI, the U.K. National Cyber Security Centre, the German Federal Intelligence Service, the Czech Republic Military Intelligence, the Polish Internal Security Agency and the Australian Cyber Security Centre.