Russian Hackers Actively Targeting the U.S. and Other Organizations


The FBI, DHS, and CISA have warned about ongoing attacks against U.S. and foreign organizations conducted by the Russian Foreign Intelligence Service (SVR), also tracked as APT29. The SVR has also been connected to the recent SolarWinds Orion supply chain attack.

About the warning

The joint advisory provides additional information on APT29 tactics, tools, techniques, and capabilities. Among the TTPs associated with SVR, the federal agencies highlighted the following.

  • Password Spraying: In one compromise of a large network (in 2018), the threat actors used password spraying to find a weak password associated with an administrative account.
  • Leveraging Zero-Day Vulnerability: In another incident, SVR used a zero-day exploit (CVE-2019-19781) against a VPN appliance to gain access inside the network.
  • The WELLMESS Malware: In 2020, intrusion attempts on governments in the U.K., Canada, and the U.S. that were performed using malware known as WELLMESS were attributed to APT29 (aka SVR).
  • Similarities with SolarWinds-enabled Intrusions: In mid-2020, the APT group used modified SolarWinds network monitoring software as an initial intrusion vector. The attack vector is similar to other SVR-sponsored intrusions.
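
A defender-side detection for the password spraying item above, added here as an example and not taken from the advisory or this post: it flags a source that fails against many distinct accounts with few tries each, then reports any account that source logged into afterwards. The event tuple format, the thresholds, the function name `detect_spray` and the sample events are assumptions constructed for this example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample auth events: (ISO timestamp, source IP, account, outcome).
# Addresses are from the RFC 5737 documentation ranges.
SAMPLE_EVENTS = [
    ("2021-04-26T09:00:00", "203.0.113.7", "alice", "FAIL"),
    ("2021-04-26T09:04:00", "203.0.113.7", "bob", "FAIL"),
    ("2021-04-26T09:08:00", "203.0.113.7", "carol", "FAIL"),
    ("2021-04-26T09:12:00", "203.0.113.7", "dave", "FAIL"),
    ("2021-04-26T09:16:00", "203.0.113.7", "svc-admin", "OK"),
    # Ordinary user mistyping a password: several failures, one account.
    ("2021-04-26T09:01:00", "198.51.100.20", "erin", "FAIL"),
    ("2021-04-26T09:01:20", "198.51.100.20", "erin", "FAIL"),
    ("2021-04-26T09:01:40", "198.51.100.20", "erin", "FAIL"),
    ("2021-04-26T09:02:10", "198.51.100.20", "erin", "OK"),
]

def detect_spray(events, window=timedelta(hours=1), min_accounts=4, max_per_account=2):
    """Return {source_ip: {"accounts": [...], "compromised": [...]}} for sources
    that fail against many distinct accounts with few tries per account."""
    by_src = defaultdict(list)
    for ts, src, user, outcome in events:
        by_src[src].append((datetime.fromisoformat(ts), user, outcome))
    findings = {}
    for src, rows in by_src.items():
        rows.sort()
        fails = [(t, u) for t, u, o in rows if o == "FAIL"]
        # Slide a window forward from each failure for this source.
        for i, (start, _) in enumerate(fails):
            in_win = [(t, u) for t, u in fails[i:] if t - start <= window]
            per_user = defaultdict(int)
            for _, u in in_win:
                per_user[u] += 1
            # Spray shape: wide across accounts, shallow per account.
            if len(per_user) >= min_accounts and max(per_user.values()) <= max_per_account:
                end = in_win[-1][0]
                # A success from the same source during or soon after the spray
                # is the account to triage first.
                hits = sorted({u for t, u, o in rows
                               if o == "OK" and start <= t <= end + window})
                findings[src] = {"accounts": sorted(per_user), "compromised": hits}
                break
    return findings
```

The per-account cap is what separates a spray from a single user retrying a forgotten password, which a plain failed-login counter would flag instead.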

Additional insights 

The recent attacks were aimed at government networks, think tanks, policy analysis organizations, and IT companies. The attackers were looking for intelligence information from the targeted entities.

  • Recently, the U.S. government formally linked the SolarWinds supply chain attack to APT29.
  • In addition, the recent advisory complements a previous one published on April 15, sharing details about vulnerabilities exploited by the threat actor.

Conclusion

CISA stated that APT29 will continue to collect intelligence from U.S. and foreign entities through cyber exploitation. It is using a range of sophisticated initial exploitation techniques, along with stealthy intrusion. In addition, the security alert shared recommendations and mitigation measures that should be followed by organizations worldwide.
