Viktor Eriksson
Writer

Authorities warn of global cyber campaign by Russian intelligence

News
14 Oct 2024 | 2 mins
Government IT, Security, Threat and Vulnerability Management

Security authorities in the UK and US have published guidelines on how organizations can protect themselves.

The British cyber security agency, the National Cyber Security Centre (NCSC), warns that the Russian foreign intelligence service, Sluzhba Vneshney Razvedki (SVR), is conducting a global campaign exploiting known vulnerabilities to infiltrate networks.

The goal of the campaign is believed to be to collect data that can be used for future cyber operations, including support for Russia’s ongoing invasion of Ukraine. The warning from the NCSC was also shared by security authorities in the United States, including the FBI and NSA. Together, they have published a set of guidelines that organizations are encouraged to follow to protect themselves.

SVR cyber actors include APT29, Midnight Blizzard (formerly Nobelium), Cozy Bear, and the Dukes, according to the authorities. Earlier this year, Midnight Blizzard and Cozy Bear breached the corporate email of senior leadership at Microsoft and HPE, respectively.

The attackers are expected to go after targets such as government agencies, diplomatic entities, think tanks, technology companies, and financial institutions around the world. They may also go after opportunistic targets in the form of organizations with vulnerable systems.

“Russian cyber actors are interested in and highly capable of accessing unpatched systems across a range of sectors, and once they are in, they can exploit this access to meet their objectives. All organisations are encouraged to bolster their cyber defences: take heed of the advice set out within the advisory and prioritise the deployment of patches and software updates,” NCSC Chief Operating Officer Paul Chichester said in a statement.

Tactics, techniques, and procedures (TTPs) of the SVR include spearphishing, password spraying, supply chain and trusted relationship abuses, custom malware, and cloud exploitation for initial access and privilege escalation.