Best Practices for Network Defenders to Identify and Block Russian Cyber Operations
A joint cybersecurity advisory has been issued by the Department of Homeland Security (DHS), Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI) about ongoing cyber operations by the Russian Foreign Intelligence Service (SVR).
The advisory provides further information on the tactics, techniques, and procedures (TTPs) used by SVR hackers to gain access to networks and the stealthy intrusion tradecraft used to move laterally within compromised networks. Best practices have been shared to allow network defenders to improve their defenses, secure their networks, and conduct investigations to determine whether their systems have already been compromised.
The advisory follows on from an April 15, 2021 joint alert from the NSA, CISA, and FBI following the formal declaration by the U.S. Government that the SolarWinds supply chain attack was conducted by SVR cyber actors known as The Dukes, CozyBear, Yttrium, and APT29. The SVR operatives are primarily targeting government agencies, policy analysis organizations and think tanks, IT companies, and critical infrastructure companies to gather intelligence.
Prior to 2018...