Current CyberSecurity Advisories

Russian foreign intelligence poses global threat with cyber campaign exploiting established vulnerabilities

Release date
10 October 2024
Alert rating
HIGH

Description

Organisations are encouraged to bolster their cyber defences and follow the advice set out within the advisory.

Audience

Public sector, Cyber security professionals, Small & medium sized organisations

Current update

  • UK and US cyber agencies highlight ongoing exploitation of vulnerabilities at scale by Russian cyber actors.
  • Organisations encouraged to rapidly deploy patches and prioritise software updates to prevent systems being accessed by online actors linked to Russia’s Foreign Intelligence Service.

Cyber chiefs in the UK and US have today (Wednesday) published advice to help organisations guard against online attacks by Russia’s Foreign Intelligence Service (SVR).

In a new advisory, the National Cyber Security Centre (NCSC) – part of GCHQ – and agencies in the United States have shared the latest tactics being used by SVR actors to collect foreign intelligence for future cyber operations, including in support of Russia’s ongoing invasion of Ukraine.  

The advisory warns that SVR attackers are exploiting vulnerabilities at mass scale as part of a continued global campaign, and shares more than 20 publicly disclosed vulnerabilities which the threat actors are assessed to have the capability and interest to exploit.

The SVR cyber actors, also known as APT29, generally have two types of intended victims: targets of intent and targets of opportunity.

Targets of intent include government and diplomatic entities, think tanks, technology companies, and financial institutions across the globe, including in the UK.

Targets of opportunity are located by scanning internet-facing systems for unpatched vulnerabilities at scale which are then opportunistically exploited – meaning any organisation with vulnerable systems could be targeted.

For both sets of victims, once initial access has been achieved, the SVR cyber actors can then conduct follow-on operations from compromised accounts or attempt to pivot to other networks connected to the victim, such as in their supply chain.

NCSC Director of Operations Paul Chichester said: 

“Russian cyber actors are interested in and highly capable of accessing unpatched systems across a range of sectors, and once they are in, they can exploit this access to meet their objectives.

“All organisations are encouraged to bolster their cyber defences: take heed of the advice set out within the advisory and prioritise the deployment of patches and software updates.”

Any UK organisations that may have been compromised through the vulnerabilities described in the advisory should report it to the NCSC.

Earlier this year, the NCSC exposed how malicious cyber actors linked to Russia’s SVR were adapting their techniques in response to the increasing shift to cloud-based infrastructure.

SVR cyber actors are commonly known for the supply chain compromise of SolarWinds and the targeting of organisations involved in the development of the COVID-19 vaccine.

The advisory has been jointly published by the NCSC, the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA).

Read advisory in full
