Evolution of Russian Cyber Actors' Tactics in Cloud Attacks
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory detailing the tactics, techniques, and procedures (TTPs) of the SVR-attributed cyber espionage group APT29, also known as Midnight Blizzard, the Dukes, or Cozy Bear. The advisory outlines how these actors have adapted to target cloud-based infrastructure: gaining access to cloud environments, using service and dormant accounts, using cloud-based token authentication, enrolling new devices in the cloud, and using residential proxies to stay covert. The advisory also provides mitigation and detection strategies to defend against these tactics.