The UK and US have issued a joint cyber warning about Russian online destabilisation efforts – with government, think tanks, tech and financial firms listed as top targets.
Cyber chiefs from the National Cyber Security Centre (NCSC) – part of GCHQ – and the US’s Federal Bureau of Investigation (FBI) and National Security Agency (NSA) have published advice to help organisations guard against online attacks by Russia’s Foreign Intelligence Service (SVR).
The advisory focuses on the latest tactics being used by SVR actors to collect foreign intelligence for future cyber operations, including in support of Russia’s ongoing invasion of Ukraine.
It warns that the SVR attackers are exploiting vulnerabilities at mass scale as part of a continued global campaign. More than 20 publicly disclosed vulnerabilities that the threat actors are assessed to have the capability and interest to exploit have been shared.
The SVR cyber actors, also known as APT29, generally have two types of intended victims: targets of intent and targets of opportunity.
Targets of intent include government and diplomatic entities, think tanks, technology companies, and financial institutions across the globe, including in the UK.
Targets of opportunity are located by scanning internet-facing systems at scale for unpatched vulnerabilities, which are then opportunistically exploited – meaning any organisation with vulnerable systems could be targeted.
For both sets of victims, once initial access has been achieved, the SVR cyber actors can then conduct follow-on operations from compromised accounts or attempt to pivot to other networks connected to the victim, such as in their supply chain.
NCSC Director of Operations Paul Chichester said: “Russian cyber actors are interested in and highly capable of accessing unpatched systems across a range of sectors, and once they are in, they can exploit this access to meet their objectives.
“All organisations are encouraged to bolster their cyber defences: take heed of the advice set out within the advisory and prioritise the deployment of patches and software updates.”
Any UK organisations that may have been compromised through the vulnerabilities described in the advisory should report it to the NCSC.
Earlier this year, the NCSC exposed how malicious cyber actors linked to Russia’s SVR were adapting their techniques in response to the increasing shift to cloud-based infrastructure.
SVR cyber actors are commonly known for the supply chain compromise of SolarWinds and the targeting of organisations involved in the development of the COVID-19 vaccine.