Russian Actors Change Techniques After UK and US Agencies Expose Them

After the western agencies outed their techniques, Russian actors from the APT29 group responded to the expose by using a red-teaming software to get into the victim's network as a trusted pentesting exercise. Currently, NCSC (National Cyber Security Centre) of UK and the US have alarmed, that the SVR is currently exploiting vulnerabilities that are critical rated (a dozen of them) which also include RCEs in devices that range from VMware virtualization to Cisco's routers, as well as the famous Pulse Secure VPN flaw, along with other equipment. 

"The NCSC, CISA, FBI, and NSA publish advice on detection and mitigation of SVR activity following the attribution of the SolarWinds compromise," says the NCSC website. It found a case where the spies look for verification credentials in mails, which included passwords and PKI keys. Quite similar to MI6 with a bit of GCHQ, the SVR is a foreign intelligence agency of Russia and is as popular among the cybersecurity realm as APT29. 

Last month, UK and US agencies came together to expose the group's techniques, allowing cybersecurity research around the world to have a glance at the lethal state-sponsored attackers that might've attacked their network infrastructure. After finding the NCSC report, the SVR actors have changed their TTP to avoid getting further caught and also to escape any preventive measures that network defenders might've placed. Besides this, the group is also pretending to be an authorized red-team pentester, to avoid getting caught. The actors also got into GitHub and installed Sliver, an open-source red-teaming platform, to keep their access active. 

The Russian actors have become more active in exploiting these vulnerabilities. NCSC, in its blogpost, warned smart City infrastructure, public operators, to be alert of suspicious state-sponsored actors that intend to steal data. "Why the sudden focus on smart streetlights and all the rest of it? The risk in smart cities is the direct control of operational technology; industrial equipment such as CCTV, streetlights, and access control systems. We understand at least one UK council is removing some smart city gear after having thought of the wisdom of installing it," reports the Register.