Longstanding cyberespionage and data collection units tied to Russia’s Foreign Intelligence Service (SVR) are evolving their techniques to gain access to cloud environments, the British, U.S. and partner governments said in an advisory Monday.

The advisory — issued by the U.K.’s National Cyber Security Centre and co-signed by a range of counterpart agencies in the U.S., Australia, Canada and New Zealand — details the evolving tactics, techniques and procedures that SVR hacking operations, tracked widely under the “APT29” and “Cozy Bear” monikers, are employing to penetrate the increasing number of cloud environments used by both private and public organizations.

APT29 operations are considered highly sophisticated and have been tracked since at least 2014, targeting a wide range of North American and European industries, including biotechnology, government, nonprofits, telecommunications and think tanks, according to an April 2022 report from Mandiant.

The U.S. government, for instance, attributed to APT29 the 2020 SolarWinds supply chain attack, one of the most consequential cyberespionage operations in recent years.

Even so, the agencies said Monday, basic cloud security measures can go a long way toward stymieing APT29 efforts.

“The SVR is a sophisticated actor capable of carrying out a global supply chain compromise such as the 2020 SolarWinds, however the guidance in this advisory shows that a strong baseline of cyber security fundamentals can help defend from such actors,” the notice read.

Attackers must first successfully authenticate to the cloud provider, the notice read, so basic steps can go a long way. Those steps include regularly evaluating and disabling dormant accounts that could be tied to employees who are no longer with the organization, working with cloud providers to limit the validity time of system-issued tokens (which enable logins without passwords), and adopting more stringent device-enrollment policies.

The Cybersecurity and Infrastructure Security Agency has also shared best practices for business-oriented cloud environments through its Secure Cloud Business Applications (SCuBA) project, the advisory said.

The post Five Eyes nations warn of evolving Russian cyberespionage practices targeting cloud environments appeared first on CyberScoop.
