"Russian Cyber Actors Target Cloud-Hosted Infrastructure"

The National Security Agency (NSA), together with the UK National Cyber Security Centre (NCSC-UK) and other partners, has released a Cybersecurity Advisory (CSA) titled "SVR Cyber Actors Adapt Tactics for Initial Cloud Access." The CSA describes how Russia-based cyber actors are changing their tactics, techniques, and procedures (TTPs) to infiltrate and access intelligence in cloud environments. The cyber actors, known as APT29, Midnight Blizzard, the Dukes, or Cozy Bear, are believed to be linked to the Russian foreign intelligence service (SVR). They mainly gain access to cloud-based systems by logging into automated system accounts and inactive accounts using TTPs such as password spraying and brute forcing. This article continues to discuss the CSA on Russian cyber actors targeting cloud-hosted infrastructure. 

NSA reports "Russian Cyber Actors Target Cloud-Hosted Infrastructure"

Submitted by grigby1

Submitted by Gregory Rigby on