Russian intelligence poses new cyber attack threat, UK and US security agencies say

Moscow’s SVR foreign intelligence service said to be making use of clandestine hacking groups Cozy Bear, the Dukes and APT 29

Kim Sengupta
Defence Editor
Saturday 08 May 2021 04:02

Russian intelligence has been accused by America and Britain of carrying out cyberattacks using new techniques, after it was exposed for hacking targets ranging from Covid vaccine supply chains to the US agency safeguarding its nuclear stockpile.

The Russian foreign intelligence service, SVR, was blamed for the cyberattacks last year, described as the worst ever in the US, with seven other countries, including the UK, also affected.

Now the FBI and the NSA (National Security Agency) in the US, and the NCSC (National Cyber Security Centre) in the UK, have warned that “SVR cyber operators” have reacted to previous investigations by changing their “TTP [tactics, techniques and procedures] in an attempt to avoid further detection and remediation efforts by network defenders”. The group has also been observed making use of numerous vulnerabilities, the security agencies said in a report.

The report added that “these changes included the deployment of the open-source tool Sliver in an attempt to maintain their accesses”. As in previous operations, the SVR are said to be making use of clandestine hacking groups called Cozy Bear, the Dukes and APT 29.

Sliver is used to perform security testing. Tools such as Sliver and Cobalt Strike are used by a variety of hackers. Using these means they do not need to develop bespoke tooling in order to penetrate target networks.

A security official said: “The SVR actors have used these techniques to target a variety of organisations globally, including in the UK, US, EU and Nato countries. This includes, but is not necessarily limited to, government, diplomatic, think-tank, healthcare and energy targets.”

Russian intelligence started changing its technique, say the American and British agencies, after they, along with Canada’s Communications Security Establishment (CSE), revealed in July last year that the group APT29 had targeted organisations involved in Covid vaccine development in the UK, US and Canada.

They concluded that it was “highly likely with the intention of stealing information and intellectual property relating to the development and testing of Covid-19 vaccines”. The hacking group was “using custom malware known as ‘WellMess’ and ‘WellMail’ to target a number of organisations globally”, said the agencies in a report.

Political as well as security issues have surfaced in America following last year’s attack. Donald Trump, who allegedly benefitted from Kremlin interference to win the 2016 election, including the hacking of Democratic National Party computers and Hillary Clinton’s emails, made no comment at the time.

Meanwhile president-elect Joe Biden, waiting for his inauguration, said: “I want to be clear, my administration will make cybersecurity a top priority at every level of government, and we will make dealing with this breach a top priority from the moment we take office.”
