Intelligence agencies in the US and UK have issued a joint statement warning organizations worldwide – both governmental and private – of cyber threats posed by hacking groups affiliated with Russia’s Foreign Intelligence Service (SVR).

The joint cybersecurity advisory, published on Oct. 10, said the malicious groups are “highly capable of and interested in exploiting software vulnerabilities for initial access” to different organizations, where they can then further their operations by spreading through connected networks.

The report also warned that the SVR’s cyber operations focus on remaining undetected, meaning that prevention, through implementing robust security systems and patching vulnerabilities, is key to mitigating the risks.

“Since at least 2021, Russian SVR cyber actors – also tracked as APT29, Midnight Blizzard (formerly Nobelium), Cozy Bear, and the Dukes – have consistently targeted US, European, and global entities in the defense, technology, and finance sectors to collect foreign intelligence and enable future cyber operations, including in support of Russia’s ongoing invasion of Ukraine since February 2022,” read the report. 

The report categorized the victims as “targets of intent” and “targets of opportunity,” where the former comprises “government and diplomatic entities, technology companies, think tanks, international organizations, and cleared defense contractors,” with the hacking groups aiming to “[collect] foreign intelligence and technical data as well as [establish] accesses to enable subsequent downstream/supply chain compromises.”

The latter consists of all entities with “Internet-accessible infrastructure vulnerable to exploitation through publicly disclosed vulnerabilities,” where the groups could then further their cyber operations by compromising said entities.

The report also contained a list of known security breaches related to the cyber groups, as well as the exploits used in the cyberattacks.

Paul Chichester, director of operations of the UK’s National Cyber Security Centre, said that patching and updating systems are key to mitigating the risks.

“Russian cyber actors are interested in and highly capable of accessing unpatched systems across a range of sectors, and once they are in, they can exploit this access to meet their objectives.

“All organizations are encouraged to bolster their cyber defenses: Take heed of the advice set out within the advisory and prioritize the deployment of patches and software updates,” said Chichester, as per the UK Defence Journal.

In Ukraine, it’s believed that the largest hack on Kyivstar, one of the country’s telecommunication operators, in December 2023 was initiated through compromised accounts in the supply chain, where the malicious group gained further access to the infrastructure and rendered the network inoperable for days.

A report prepared in March by the Henry Jackson Society, a UK-based think tank, on cybersecurity for the UK Parliament has highlighted past and ongoing Russian cyberattacks against targets in Ukraine and the West, including critical infrastructure, with real-world consequences reaching far beyond cyberspace.

David Kirichenko, the report’s author, described the Russo-Ukrainian war as the “first all-out cyber war between two nation-states” where Moscow has continued to incorporate cyberattacks with physical strikes, and he emphasized the importance for the West to assist Ukraine and learn from the experience to prepare for future Russian incursions.
