
Warning issued to the US and its allies as Russian hackers shift to cloud attacks


Five Eyes Alliance Warns of Increase in APT29 Russian Foreign Intelligence Service Attacks on Cloud Services

In a joint advisory, the members of the Five Eyes (FVEY) intelligence alliance, including the U.K.'s National Cyber Security Centre (NCSC), the NSA, CISA, the FBI, and the cybersecurity agencies of Australia, Canada, and New Zealand, warned that APT29, a group attributed to the Russian Foreign Intelligence Service (SVR), has shifted its focus to its victims' cloud services. The shift tracks its targets' own modernization: as organizations migrate to cloud-based infrastructure, the group has adapted its tradecraft to follow them.

APT29, also tracked as Cozy Bear, Midnight Blizzard, and The Dukes, gained notoriety for breaching multiple U.S. federal agencies through the SolarWinds supply-chain attack it orchestrated more than three years ago. In later campaigns the group compromised Microsoft 365 accounts belonging to entities in NATO countries to steal foreign-policy data, and ran phishing campaigns against governments, embassies, and senior officials across Europe.

More recently, Microsoft confirmed that APT29 gained access to Exchange Online mailboxes of Microsoft executives and, subsequently, of users at other organizations, in an intrusion that began in November 2023, underscoring the group's sustained cyber-espionage activity.

The Five Eyes agencies found that APT29 now gains its initial foothold through identity rather than through the network perimeter. The group obtains access to targets' cloud environments via service accounts whose credentials it recovers by brute force or password spraying; because such accounts are often exempt from MFA, a single guessed password is enough. It also reuses dormant accounts that organizations left in place, which lets it regain access even after an organization-wide password reset of active users. In addition, the group authenticates with stolen access tokens (bypassing the password entirely), proxies its activity through compromised residential routers so that traffic appears to come from ordinary home IP addresses, bypasses multi-factor authentication with MFA fatigue (repeated push prompts until the user approves one), and, once authenticated, registers its own device in the victim's cloud tenant to make the access persistent.

To counter SVR cloud attacks, network defenders are urged to enable MFA and enforce strong passwords; apply the principle of least privilege to system and service accounts; create canary service accounts, which are never used legitimately, so that any sign-in to one is a high-fidelity signal of compromise; and shorten session lifetimes so that a stolen session token expires before it can be used for long. Monitoring for indicators of compromise and putting controls in place against the SVR's initial-access tactics, techniques, and procedures (TTPs) round out the recommended defenses.
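The following is an added example, not part of the advisory or the original article, showing how three of the patterns above (password spraying against service accounts, a sign-in by a long-dormant account, and any sign-in to a canary account) can be detected from cloud sign-in logs. The log records, the field names (`ts`, `user`, `ip`, `result`), the last-seen table and the canary account name are all constructed for this example and do not follow any particular cloud provider's schema.

```python
"""Toy detector for SVR-style cloud sign-in patterns over constructed sign-in records."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in log (schema is an assumption for this example).
# One source IP fails against five different service accounts in 15 seconds,
# then succeeds against a dormant one, then logs into the canary account.
SAMPLE_LOG = [
    {"ts": "2024-02-26T09:00:01", "user": "svc-backup@corp.example", "ip": "203.0.113.7", "result": "FAIL"},
    {"ts": "2024-02-26T09:00:04", "user": "svc-reporting@corp.example", "ip": "203.0.113.7", "result": "FAIL"},
    {"ts": "2024-02-26T09:00:08", "user": "svc-sync@corp.example", "ip": "203.0.113.7", "result": "FAIL"},
    {"ts": "2024-02-26T09:00:12", "user": "svc-monitor@corp.example", "ip": "203.0.113.7", "result": "FAIL"},
    {"ts": "2024-02-26T09:00:15", "user": "svc-deploy@corp.example", "ip": "203.0.113.7", "result": "FAIL"},
    {"ts": "2024-02-26T09:00:20", "user": "svc-deploy@corp.example", "ip": "203.0.113.7", "result": "SUCCESS"},
    {"ts": "2024-02-26T10:15:00", "user": "jdoe@corp.example", "ip": "198.51.100.22", "result": "SUCCESS"},
    {"ts": "2024-02-26T11:30:00", "user": "svc-canary-ldap@corp.example", "ip": "203.0.113.7", "result": "SUCCESS"},
    {"ts": "2024-02-26T12:00:00", "user": "alice@corp.example", "ip": "192.0.2.10", "result": "SUCCESS"},
]

# Constructed: last successful sign-in per account before this log window.
LAST_SEEN = {
    "svc-deploy@corp.example": "2023-09-01T00:00:00",  # idle for ~6 months: dormant
    "jdoe@corp.example": "2024-02-25T17:00:00",
    "alice@corp.example": "2024-02-26T08:00:00",
}

# Constructed canary account: exists only to be attacked, never used legitimately.
CANARY_ACCOUNTS = {"svc-canary-ldap@corp.example"}


def parse_ts(s):
    return datetime.fromisoformat(s)


def detect_password_spray(log, window=timedelta(minutes=10), min_accounts=5):
    """Return (ip, users) for each source IP that fails against at least
    `min_accounts` distinct accounts inside a sliding time window.
    One failure per account is the spraying signature; per-account lockout
    thresholds never trigger, so the detection has to pivot on the source."""
    failures = defaultdict(list)
    for rec in log:
        if rec["result"] == "FAIL":
            failures[rec["ip"]].append((parse_ts(rec["ts"]), rec["user"]))
    alerts = []
    for ip, events in failures.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            users = {u for t, u in events[i:] if t - start <= window}
            if len(users) >= min_accounts:
                alerts.append((ip, sorted(users)))
                break  # one alert per IP is enough
    return alerts


def detect_dormant_use(log, last_seen, dormant_days=90):
    """Return (user, ip) for successful sign-ins by accounts whose previous
    activity is older than `dormant_days`. A dormant account surviving a
    password-reset campaign is exactly the SVR re-entry path the advisory describes."""
    alerts = []
    for rec in log:
        if rec["result"] != "SUCCESS":
            continue
        prev = last_seen.get(rec["user"])
        if prev is None:
            continue  # no history known; a stricter policy could flag this too
        if parse_ts(rec["ts"]) - parse_ts(prev) > timedelta(days=dormant_days):
            alerts.append((rec["user"], rec["ip"]))
    return alerts


def detect_canary_login(log, canaries):
    """Any authentication attempt against a canary account, successful or not,
    is an alert: nothing legitimate should ever touch these accounts."""
    return [(r["user"], r["ip"], r["result"]) for r in log if r["user"] in canaries]


def run(log=SAMPLE_LOG, last_seen=LAST_SEEN, canaries=CANARY_ACCOUNTS):
    return {
        "spray": detect_password_spray(log),
        "dormant": detect_dormant_use(log, last_seen),
        "canary": detect_canary_login(log, canaries),
    }


if __name__ == "__main__":
    for kind, hits in run().items():
        for hit in hits:
            print(f"[{kind}] {hit}")
```

Against the constructed log the spray detector fires on 203.0.113.7 after its fifth distinct target, the dormant check fires on svc-deploy's first sign-in in roughly six months, and the canary check fires on the single sign-in to svc-canary-ldap. In a real deployment the same three checks would run over the tenant's sign-in audit log rather than an in-memory list, and the residential-proxy tactic described above is the reason the spray detector keys on a count of distinct accounts per source rather than on a reputation list of bad IP ranges.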

The advisory stresses that organizations which protect themselves against APT29's initial-access tactics substantially lower their risk of becoming SVR espionage victims, and that applying the recommended mitigations hardens their cloud infrastructure against compromise.

As APT29 and similar actors follow their targets into the cloud, proactive identity-centric defenses and continued information sharing between allied agencies will remain central to countering them. The Five Eyes warning is a reminder that a capable adversary adapts to each new environment, and that defenders must keep pace.
