Joint Cybersecurity Advisory: Russian Foreign Intelligence Service Cyber Operations Trends and Best Practices for Network Defenders

The FBI, the U.S. Department of Homeland Security, and the Cybersecurity and Infrastructure Security Agency (CISA) have published a Joint Cybersecurity Advisory presenting their assessment that Russian Foreign Intelligence Service (SVR) cyber actors – also known as APT29, the Dukes, CozyBear, and Yttirum – will continue to attempt to exploit U.S. and other foreign entities using a range of initial techniques that vary in sophistication, coupled with stealthy intrusion tradecraft within compromised networks. The U.S. formally attributed the SolarWinds exploitation campaign to Russia, and the SVR in particular, earlier this month, as WaterISAC discussed in the April 15 Security & Resilience Update. The advisory provides information on the SVR’s tools, targets, techniques, and capabilities to aid organizations in conducting their own investigations and securing their networks. Read the advisory at WaterISAC below as an alert at CISA.