The Cybersecurity and Infrastructure Security Agency (CISA) join the United Kingdom’s National Cyber Security Centre (NCSC), the National Security Agency (NSA), and Federal Bureau of Investigation (FBI) in releasing a joint advisory titled, Further TTPs Associated with SVR Cyber Actors. This advisory expands on two previously released U.S. advisories by outlining additional tactics, techniques and procedures (TTPs) the Russian Foreign Intelligence Service (SVR) has leveraged to gain footholds into victim networks.
Like other malicious cyber actors, the SVR is known to rapidly exploit vulnerabilities once publicly known, and one example in the advisory includes the exploiting of Microsoft Exchange vulnerabilities shortly after they were publicly disclosed on 2 March 2021.
The joint advisory outlines specific publicly known vulnerabilities the SVR recently exploited, as well as other specific tactics, to help network defenders prioritize patching and further protect their networks against nation-state exploitation.
CISA has also released Fact Sheet: Russian SVR Activities Related to SolarWinds Compromise that provides summaries of three key joint publications that focus on SVR activities related to the SolarWinds Orion supply chain compromise.
CISA recommends that critical system owners prioritize reading this advisory and follow recommended mitigation and guidance to help protect against this malicious activity.