NSA, CISA, FBI, and the UK NCSC Further Expose Russian Intelligence Cyber Tactics

The National Security Agency (NSA), the United Kingdom’s National Cyber Security Centre (NCSC), the U.S. Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI) jointly released an unclassified cybersecurity advisory, “Further TTPs associated with SVR cyber actors” today. This advisory expands on the NSA, CISA, and FBI joint advisory released in April, “Russian SVR Targets U.S. and Allied Networks,” by outlining additional techniques the Russian Foreign Intelligence Service (SVR) leveraged to gain footholds into victim networks.

Visit NCSC’s reports and advisories page to read the advisory.

The advisory provides mitigation guidance and detection strategies to help network defenders prioritize patching and further protect their networks against nation-state exploitation.

The document explains that the SVR continues to exploit publicly known vulnerabilities. It also details how SVR actors have targeted mailbox administrators to acquire further network information and access.

The advisory also notes the malware and command and control (C2) tools SVR has used in its various cyber activities, including a newly discovered use of an open source C2 tool called Sliver.

Mitigating against these vulnerabilities remains critically important as U.S. and allied networks are constantly scanned, targeted, and exploited by Russian state-sponsored cyber actors. This joint advisory provides actionable information to the cybersecurity community and government-affiliated network defenders, helping them gain a more comprehensive understanding of the threats and the mitigation advice and guidance to protect their networks.

Read more at NSA

(Visited 325 times, 1 visits today)

The Government Technology & Services Coalition's Homeland Security Today (HSToday) is the premier news and information resource for the homeland security community, dedicated to elevating the discussions and insights that can support a safe and secure nation. A non-profit magazine and media platform, HSToday provides readers with the whole story, placing facts and comments in context to inform debate and drive realistic solutions to some of the nation’s most vexing security challenges.

Leave a Reply

Latest from Cybersecurity

Go to Top
X