CISA, in partnership with UK National Cyber Security Centre (NCSC) and other U.S. and international partners released the joint advisory, SVR Cyber Actors Adapt Tactics for Initial Cloud Access. This advisory provides recent tactics, techniques, and procedures (TTPs) used by Russian Foreign Intelligence Service (SVR) cyber actors—also known as APT29, the Dukes, CozyBear, and NOBELIUM/Midnight Blizzard—to gain initial access into a cloud environment.

The authoring agencies encourage network defenders and organizations review the joint advisory for recommended mitigations. For more information on APT29, see joint CSA Russian Foreign Intelligence Service (SVR) Exploiting JetBrains TeamCity CVE Globally or visit CISA’s Russia Cyber Threat Overview and Advisories page. For more guidance on cloud security best practices, see CISA’s Secure Cloud Business Applications (SCuBA) Project.

Leave a Reply

Your email address will not be published. Required fields are marked *

Explore More

US Government Warns Healthcare is Biggest Target for BlackCat Affiliates

February 29, 2024 0 Comments 0 tags

The US government advisory warns healthcare organizations are being targeted by BlackCat amid an ongoing cyber-incident affecting Change Healthcare

Read More

Top UK Universities Recovering Following Targeted DDoS Attack

February 20, 2024 0 Comments 0 tags

The attack, which has been claimed by Anonymous Sudan, has been confirmed to have impacted IT services at the universities of Cambridge and Manchester

Read More

UK ICO Vows to Safeguard Privacy in AI Era, Rules Out Bespoke Regulation

February 28, 2024 0 Comments 0 tags

UK Information Commissioner John Edwards explains how the ICO is working to provide clarity around the lawful use of AI

Read More