SVR cyber actors adapt tactics for initial cloud access


12:00am, 27 February 2024

TLP Rating: Clear

The National Cyber Security Centre (NCSC) would like to draw your attention to an advisory published by the United Kingdom's National Cyber Security Centre (NCSC-UK). It details recent tactics, techniques, and procedures (TTPs) used by the group commonly known as APT29, also known as Midnight Blizzard, the Dukes, or Cozy Bear.

Joint advisory: SVR cyber actors adapt tactics for initial cloud access | NCSC-UK [PDF, 2.1 MB]


What's happening

Systems affected

As organisations continue to modernise their systems and move to cloud-based infrastructure, APT29 has adapted its methods to this environment. The advisory provides an overview of the TTPs the group uses to gain initial access to cloud systems, along with advice on detecting and mitigating this activity.

What this means

The NCSC-UK and international partners assess that APT29 is a cyber espionage group almost certainly linked to the SVR, part of the Russian intelligence services. This attribution, and the details provided in the advisory, are supported by the:

  • US National Security Agency (NSA),
  • US Cybersecurity and Infrastructure Security Agency (CISA),
  • US Cyber National Mission Force (CNMF),
  • Federal Bureau of Investigation (FBI),
  • Australian Signals Directorate's Australian Cyber Security Centre (ASD's ACSC),
  • Canadian Centre for Cyber Security (CCCS), and
  • New Zealand National Cyber Security Centre (NCSC-NZ).


What to look for

How to tell if you're at risk

The advisory details the group's techniques for targeting cloud environments. Organisations should review the TTPs outlined in the advisory to assess whether their cloud infrastructure may have been targeted or accessed.

What to do

Prevention

The NCSC recommends that organisations read the advisory and follow the mitigation advice it provides to help protect their networks and cloud environments.

More information