{"id":722,"date":"2024-10-14T16:26:00","date_gmt":"2024-10-14T16:26:00","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=722"},"modified":"2024-10-14T16:26:00","modified_gmt":"2024-10-14T16:26:00","slug":"authorities-warn-of-global-cyber-campaign-by-russian-intelligence","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=722","title":{"rendered":"Authorities warn of global cyber campaign by Russian intelligence"},"content":{"rendered":"<div>\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<div class=\"container\"><\/div>\n<p>The British cyber security agency National Cyber Security Center (NCSC)\u00a0<a href=\"https:\/\/www.ncsc.gov.uk\/news\/russian-foreign-intelligence-poses-global-threat-with-cyber-campaign-exploiting-established-vulnerabilities\">warns<\/a>\u00a0that the Russian foreign intelligence service, Sluzhba Vneshney Razvedki (SVR), is conducting a global campaign exploiting known vulnerabilities to infiltrate networks.<\/p>\n<p>The goal of the campaign is believed to be to collect data that can be used for future cyber operations, including support for Russia\u2019s ongoing invasion of Ukraine. The warning from the NCSC was also shared by security authorities in the United States, including the FBI and NSA. Together, they have published a set of\u00a0<a href=\"https:\/\/www.ic3.gov\/Media\/News\/2024\/241010.pdf\">guidelines<\/a>\u00a0that organizations are encouraged to follow to protect themselves.<\/p>\n<p>SVR cyber actors include <a href=\"https:\/\/www.csoonline.com\/article\/2074864\/new-russian-cyberespionage-group-apt29-campaign-targets-politicians.html\">APT29<\/a>, Midnight Blizzard (formerly Nobelium), Cozy Bear, and the Dukes, according to the authorities. 
Midnight Blizzard and Cozy Bear breached corporate email among senior leadership at <a href=\"https:\/\/www.csoonline.com\/article\/1296269\/russia-based-group-hacked-emails-of-microsofts-senior-leadership.html\">Microsoft<\/a> and <a href=\"https:\/\/www.csoonline.com\/article\/1298283\/hpes-corporate-emails-breached-by-russian-state-sponsored-actor-cozy-bear.html\">HPE<\/a> earlier this year, respectively.<\/p>\n<p>The attackers are expected to go after targets such as government agencies, diplomatic entities, think tanks, technology companies, and financial institutions around the world. They may also go after opportunistic targets in the form of organizations with vulnerable systems.<\/p>\n<p>\u201cRussian cyber actors are interested in and highly capable of accessing unpatched systems across a range of sectors, and once they are in, they can exploit this access to meet their objectives. All organisations are encouraged to bolster their cyber defences: take heed of the advice set out within the advisory and prioritise the deployment of patches and software updates,\u201d NCSC Chief Operating Officer Paul Chichester said in a statement.<\/p>\n<p>Tactics, techniques, and procedures (TTPs) of the SVR include spearphishing, password spraying, supply chain and trusted relationship abuses, custom malware, and cloud exploitation for initial access and privilege escalation.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>The British cyber security agency National Cyber Security Center (NCSC)\u00a0warns\u00a0that the Russian foreign intelligence service, Sluzhba Vneshney Razvedki (SVR), is conducting a global campaign exploiting known vulnerabilities to infiltrate networks. 
The goal of the campaign is believed to be to collect data that can be used for future cyber operations, including support for Russia\u2019s ongoing [&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":723,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-722","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/722"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=722"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/722\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/723"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=722"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=722"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=722"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}