"Evolution of Russian Cyber Actors' Tactics in Cloud Attacks"
TL;DR Summary
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory detailing the tactics, techniques, and procedures (TTPs) of the SVR-attributed cyber espionage group APT29, also known as Midnight Blizzard, the Dukes, or Cozy Bear. The advisory outlines how these actors have adapted to target cloud-based infrastructure, including accessing cloud environments, using service and dormant accounts, employing cloud-based token authentication, enrolling new devices to the cloud, and utilizing residential proxies to stay covert. The report also provides mitigation and detection strategies to defend against these tactics.
- SVR Cyber Actors Adapt Tactics for Initial Cloud Access (CISA)
- UK and allies expose evolving tactics of Russian cyber actors (National Cyber Security Centre)
- Russian hackers shift to cloud attacks, US and allies warn (BleepingComputer)
- CISA Issues Alert on APT29's Cloud Infiltration Tactics (Infosecurity Magazine)
- Russia cyber spies behind SolarWinds breach adopting new tactics, warn Five Eyes agencies (The Record from Recorded Future News)