SVR targets Zimbra, TeamCity servers for cyber espionage in Russia

SeniorTechInfo

Russian Hackers Conducting Ongoing Cyber Espionage Campaign, Says US and UK Intelligence

A recent joint advisory from US and UK intelligence agencies has revealed that Russian hackers from the Foreign Intelligence Service (SVR) have been engaged in a long-term cyber espionage campaign targeting entities in the US, Europe, and globally. The hacking group, known as APT29 or Cozy Bear, has been gathering intelligence and laying the groundwork for future cyber operations for years.

This sophisticated spying campaign, which has been active since at least 2021, has played a role in Russia’s ongoing invasion of Ukraine since February 2022. The targets of these attacks include government agencies, technology companies, think tanks, international organizations, and defense contractors mainly located in North America and Western Europe. However, organizations in Asia, Africa, Russia’s neighboring countries, and South America have also been affected.

SVR’s tactics involve scanning vulnerable systems, exploiting known vulnerabilities, spearphishing, password spraying, supply chain abuse, and deploying custom malware. The hackers use techniques such as living off the land and obfuscation via the Tor network to maintain persistence in victim networks and cloud environments.

Recommendations for Mitigating the Threat

To combat the SVR cyber espionage threat, the US and UK agencies have provided a list of mitigation recommendations, including:

  • Prioritizing timely deployment of patches and software updates
  • Enabling automatic updates where feasible
  • Disabling unnecessary Internet-accessible services and removing unused applications
  • Checking for open ports and obsolete protocols on Internet-facing systems
  • Implementing multifactor authentication and monitoring for unusual activity

The joint advisory signatories, which include the FBI, NSA, CNMF, and NCSC, emphasize the importance of taking proactive measures to safeguard against cyber threats posed by APT29 and other malicious actors.
