Cybersecurity agencies in the UK and the US have issued a stark warning about the ongoing global threat posed by Russia’s Foreign Intelligence Service (SVR), highlighting the widespread exploitation of vulnerabilities by Russian cyber actors.
In a new joint advisory, the UK’s National Cyber Security Centre (NCSC) and US agencies have urged organisations to strengthen their cyber defences and prioritise patching known vulnerabilities to prevent potential attacks.
The advisory warns that SVR cyber actors, also known as APT29, are targeting organisations at scale, focusing on both specific entities and broader opportunities. These actors are actively exploiting more than 20 publicly disclosed vulnerabilities, leveraging them to gain access to systems for intelligence-gathering and cyber operations, including those supporting Russia’s ongoing invasion of Ukraine.
Targets of intent for these cyber campaigns include government bodies, diplomatic institutions, think tanks, and key sectors such as technology and finance, both in the UK and worldwide. However, the advisory also stresses that “targets of opportunity”—organisations with unpatched vulnerabilities—are equally at risk, with SVR actors scanning internet-facing systems to identify potential entry points.
Once inside, attackers can conduct follow-on operations or pivot to connected networks, potentially spreading their reach through supply chains.
Paul Chichester, NCSC Director of Operations, underscored the critical nature of patching and updating systems: “Russian cyber actors are interested in and highly capable of accessing unpatched systems across a range of sectors, and once they are in, they can exploit this access to meet their objectives. All organisations are encouraged to bolster their cyber defences: take heed of the advice set out within the advisory and prioritise the deployment of patches and software updates.”
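The advisory's core advice is to patch known-exploited vulnerabilities first, and to treat internet-facing hosts as the "targets of opportunity" that get scanned. The following is an added example (not from the advisory, the NCSC or the article) of how a defender might turn an asset inventory and a known-exploited list into a prioritised patch queue; the CVE identifiers, product names, hostnames and version numbers are constructed placeholders, not the advisory's actual list.

```python
from dataclasses import dataclass


def parse_version(v: str) -> tuple:
    """Turn '9.1.2' into (9, 1, 2) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in v.split("."))


@dataclass(frozen=True)
class KnownExploited:
    cve: str        # constructed placeholder, not a real identifier
    product: str
    fixed_in: str   # first version that carries the vendor fix


@dataclass(frozen=True)
class Asset:
    host: str
    product: str
    version: str
    internet_facing: bool


# Constructed sample data; a real run would load the advisory's list and your CMDB.
KEV = [
    KnownExploited("CVE-0000-0001", "vpn-gateway", "9.1.3"),
    KnownExploited("CVE-0000-0002", "mail-server", "2.8.0"),
    KnownExploited("CVE-0000-0003", "ci-server", "4.2.1"),
]
INVENTORY = [
    Asset("vpn1.example.test", "vpn-gateway", "9.1.2", True),
    Asset("mail.example.test", "mail-server", "2.8.0", True),   # already at fixed version
    Asset("build.internal.test", "ci-server", "4.1.0", False),
    Asset("wiki.internal.test", "wiki", "1.0.0", False),        # no known-exploited entry
]


def is_vulnerable(asset: Asset, kev: KnownExploited) -> bool:
    """Vulnerable only if same product and version is strictly below the fix."""
    return asset.product == kev.product and parse_version(asset.version) < parse_version(kev.fixed_in)


def patch_queue(inventory, kev_list):
    """Return (host, cve, priority) tuples, most urgent first.
    Priority 1: known-exploited bug on an internet-facing host (a target of opportunity).
    Priority 2: known-exploited bug on an internal host (reachable once an attacker pivots)."""
    queue = []
    for asset in inventory:
        for kev in kev_list:
            if is_vulnerable(asset, kev):
                queue.append((asset.host, kev.cve, 1 if asset.internet_facing else 2))
    return sorted(queue, key=lambda item: (item[2], item[0]))
```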
The advisory follows earlier warnings from the NCSC, which exposed how SVR-linked cyber actors have adapted their techniques in response to the increased shift to cloud-based infrastructure.
These actors are well-known for high-profile cyberattacks, including the SolarWinds supply chain compromise and the targeting of organisations involved in COVID-19 vaccine development.
The advisory has been jointly published by the NCSC, the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA), and UK organisations are encouraged to report any incidents of compromise to the NCSC. The coordinated message highlights the importance of proactive defence in the face of persistent cyber threats from state-sponsored actors.
It’s strange that Russian intelligence is reported to be a major threat when it comes to cyber warfare but has proven to be completely useless when it comes to the Ukraine war, both in understanding the threat before the war started and ever since.
Offensive cyber isn’t really an ‘intelligence’ capability in the traditional sense; it has been bundled in with it because intelligence gathering is one of the things it can do. The likes of Microsoft and AWS are extremely capable of defending infrastructure against cyber threats, but only if the customer also meets its obligations in terms of ensuring that e.g. patches are installed in a timely manner, EOL software is retired before it goes out of support, user authentication policies are robust and properly implemented, etc.
Only there are several Microsoft data breaches listed in the last few years. I remember reading that air-gapped computers were considered the pinnacle in cyber security, but then I read that Chinese hackers had breached Eastern European systems. These systems are supposed to be disconnected from the Internet, so if they can get into these systems I’d say no system is foolproof. Hope for the best but prepare for the worst.
When someone doesn’t leave the keys around in an open container….
Cyber is a major, major problem. Don’t underestimate the Russian capabilities. We’re not just facing the Russian security services but also other Russian cyber threat actors/groups/APTs who are allowed to operate in Russia with impunity in return for working ad hoc for the government. Ukrainian cyber specialists (some of them are former actors working with these Russian APTs) have shown that Russia is not invulnerable itself, with a lot of high-profile hacks against government and military entities. I noted at the time about 18 months ago that GCHQ relaxed its UK-personnel-only policy, so assume we are recruiting worldwide now; hopefully that puts us in a better place.
Non UK nationals? That’s really interesting. I’ve always noted that most jobs in the intelligence area require DV or enhanced DV, and a UK citizen, for eligibility.
2nd Nov 2022. UK government relaxes the need for applicants to UK security organisations to have at least 1 parent who is a British national.
There is a post to that effect on the GCHQ website and the BBC still carries the news item.
In one way it’s a no-brainer, as you can recruit people who understand languages and cultures and can give a first-hand view of how some of these groups work. Some might say they come with their own security risk, and that is true, but then how many of our biggest security risks in the past have been of British origin?