The National Security Agency (NSA), the United Kingdom’s National Cyber Security Centre (NCSC), the U.S. Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI) jointly released an unclassified cybersecurity advisory, “Further TTPs associated with SVR cyber actors” today. This advisory expands on the NSA, CISA, and FBI joint advisory released in April, “Russian SVR Targets U.S. and Allied Networks,” by outlining additional techniques the Russian Foreign Intelligence Service (SVR) leveraged to gain footholds into victim networks.
The advisory provides mitigation guidance and detection strategies to help network defenders prioritize patching and further protect their networks against nation-state exploitation.
The document explains that the SVR continues to exploit publicly known vulnerabilities. It also details how SVR actors have targeted mailbox administrators to acquire further network information and access.
The advisory also notes the malware and command and control (C2) tools SVR has used in its various cyber activities, including a newly discovered use of an open source C2 tool called Sliver.
Mitigating against these vulnerabilities remains critically important as U.S. and allied networks are constantly scanned, targeted, and exploited by Russian state-sponsored cyber actors. This joint advisory provides actionable information to the cybersecurity community and government-affiliated network defenders, helping them gain a more comprehensive understanding of the threats and the mitigation advice and guidance to protect their networks.