Computer Business World News

NCSC, CISA publish new information on Russia’s Cozy Bear

The UK’s National Cyber Security Centre (NCSC), alongside partners at the US’s Cybersecurity and Infrastructure Security Agency (CISA) and the FBI, has published a new advisory detailing techniques, tactics and procedures (TTPs) being used by the Russian intelligence-linked APT29 group, aka Cozy Bear.

The advisory covers a number of TTPs that the agencies understand the SVR – Russia’s foreign intelligence agency – to use, and builds on the UK’s and the US’s recent attribution of the large-scale SolarWinds-linked attacks, as well as warnings issued last year over its use of two new pieces of malware, WellMess and WellMail, against organisations working on Covid-19 vaccines.

“The SVR is Russia’s civilian foreign intelligence service,” said the NCSC. “The group uses a variety of tools and techniques to predominantly target overseas governmental, diplomatic, think-tank, healthcare and energy targets globally for intelligence gain.

“The SVR is a technologically sophisticated and highly capable cyber actor. It has developed capabilities to target organisations globally, including in the UK, the US, Europe, Nato member states and Russia’s neighbours.”

In the wake of last summer’s report on its targeting of vaccine research, Cozy Bear now seems to have pivoted to using a number of new TTPs, in a likely attempt to avoid further detection and remediation, said the NCSC. Among other things, the group has enthusiastically taken up the use of Sliver, an open-source, cross-platform adversary simulation/red team platform.

“The use of the Sliver framework was likely an attempt to ensure access to a number of the existing WellMess and WellMail victims was maintained following the exposure of those capabilities,” said the NCSC. “As observed with the SolarWinds incidents, SVR operators often used separate command and control infrastructure for each victim of Sliver.”

It is also more frequently – and quickly – making use of newly disclosed vulnerabilities. Western intelligence now believes Cozy Bear is among the groups exploiting the widely reported and dangerous Microsoft Exchange Server ProxyLogon vulnerabilities. It has also been spotted exploiting common vulnerabilities in products from Fortinet, Cisco, Oracle, Zimbra, Pulse Secure, Citrix, Kibana and F5 Networks – some of which date back more than three years.

The NCSC said the group’s recent actions clearly demonstrate that managing and applying security updates as a priority would vastly help to reduce the attack surface that Cozy Bear can take advantage of.

It also reiterated its general advice that despite the complex and hard-to-spot nature of supply chain attacks (such as the SolarWinds incident), following basic cyber security principles, implementing network security controls and effectively managing user privileges will help to arrest lateral movement between hosts should an actor such as Cozy Bear make it onto an organisation’s network, and limit the effectiveness of its attacks.



Copyright © 2022 Computer Business World