US Urges Organizations to Implement MFA, Other Controls to Defend Against Russian Attacks

US Urges Organizations to Implement MFA, Other Controls to Defend Against Russian Attacks
Actors working for Moscow's Foreign Intelligence Service are actively targeting organizations in government and other sectors, FBI and DHS say.

The FBI, the Department of Homeland Security (DHS), and the Cybersecurity & Infrastructure Security Agency (CISA) are urging US organizations to implement multifactor authentication and other defensive mechanisms to protect against threat activity by Russia's Foreign Intelligence Service (SVR).


In a new joint advisory out today, the three entities warn government agencies, think tanks, information technology companies, and policy analysis organizations in particular to watch out for attacks from APT29, a threat group that they describe as working for the SVR.


The alert does not point to any specific new and recent threats or attacks from APT29 (aka Cozy Bear, Dukes, and Yttrium) targeting organizations in these sectors. But it does note the longstanding threat the group has posed to US organizations and the group's use of customized tools to maximize stealth and to move laterally within victim networks. Since at least 2018, the group has shifted from predominantly targeting on-premises assets to targeting cloud-hosted email and other cloud resources, the three agencies say.


"[SVR] will continue to seek intelligence from US and foreign entities through cyber exploitation, using a range of initial exploitation techniques that vary in sophistication, coupled with stealthy intrusion tradecraft within compromised networks," the alert notes.


This is the second time that US law enforcement has warned of SVR threat activity in the last two weeks. On April 15, shortly after the Biden administration formally attributed the SolarWinds attack to SVR, the FBI, DHS, and CISA released an advisory warning about the ..

Support the originator by clicking the read the rest link below.