The Federal Bureau of Investigation (FBI), Department of Homeland Security, and CISA have released a Joint Cybersecurity Advisory (CSA) addressing Russian Foreign Intelligence Service (SVR) cyber actors—also known as Advanced Persistent Threat 29 (APT 29), the Dukes, CozyBear, and Yttrium—continued targeting of U.S and foreign entities. The SVR activity—which includes the recent SolarWinds Orion supply chain compromise—primarily targets government networks, think tank and policy analysis organizations, and information technology companies and seeks to gather intelligence information.
This CSA complements the CISA, FBI, and National Security Agency (NSA) Joint CSA: Russian SVR Targets U.S. and Allied Networks and provides tactics, tools, techniques, and capabilities to help organizations conduct investigations and secure their networks.
CISA encourages users and administrators to review Joint CSA AA21-116A: Russian Foreign Intelligence Service (SVR) Cyber Operations: Trends and Best Practices for Network Defenders and implement the recommended mitigations. For additional information on SVR-related activity, review the following resources:
- CISA-FBI-NSA Joint Cybersecurity Advisory: Russian SVR Targets U.S. and Allied Networks
- CISA Current Activity: NSA-CISA-FBI Joint Advisory on Russian SVR Targeting U.S. and Allied Networks
- White House Statement: Imposing Costs for Harmful Foreign Activities by the Russian Government