Here's what Russia's SVR spy agency does when it breaks into your network, says US CISA infosec agency

Here's what Russia's SVR spy agency does when it breaks into your network, says US CISA infosec agency

Following attribution of the SolarWinds supply chain attack to Russia's APT29, the US CISA infosec agency has published a list of the spies' known tactics – including a penchant for using a naughtily named email provider.


APT29* is the Western infosec world's codename for what we now know is the Russian Foreign Intelligence Service, known by its Russian acronym SVR.

As well as publishing a list of things US counterintelligence know about their Russian offensive counterparts, CISA has also added some advice on how to avoid these common Russian intelligence compromise tactics.


SVR's break-in pros use techniques including "low and slow" password spraying targeted at known admin accounts, zero-days
Support the originator by clicking the read the rest link below.