{"id":2606,"date":"2024-02-26T17:18:53","date_gmt":"2024-02-26T17:18:53","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=79433"},"modified":"2024-02-26T17:18:53","modified_gmt":"2024-02-26T17:18:53","slug":"five-eyes-nations-warn-of-evolving-russian-cyberespionage-practices-targeting-cloud-environments","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2024\/02\/26\/five-eyes-nations-warn-of-evolving-russian-cyberespionage-practices-targeting-cloud-environments\/","title":{"rendered":"Five Eyes nations warn of evolving Russian cyberespionage practices targeting cloud environments"},"content":{"rendered":"<p><head> <meta charset=\"UTF-8\"> <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\"> <meta name=\"robots\" content=\"index, follow, max-image-preview:large, max-snippet:-1, max-video-preview:-1\"> <!-- This site is optimized with the Yoast SEO Premium plugin v21.7 (Yoast SEO v21.7) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ --> <title>Five Eyes nations warn of evolving Russian cyberespionage practices targeting cloud environments | CyberScoop<\/title> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/five-eyes-nations-warn-of-evolving-russian-cyberespionage-practices-targeting-cloud-environments\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Five Eyes nations warn of evolving Russian cyberespionage practices targeting cloud environments\"> <meta property=\"og:description\" content=\"The advisory issued by the U.K.'s National Cyber Security Centre breaks down tactics and techniques from SVR hacking ops.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/five-eyes-nations-warn-of-evolving-russian-cyberespionage-practices-targeting-cloud-environments\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:published_time\" content=\"2024-02-26T17:18:53+00:00\"> <meta 
property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/02\/five-eyes-nations-warn-of-evolving-russian-cyberespionage-practices-targeting-cloud-environments-2.jpg\"> <meta property=\"og:image:width\" content=\"1920\"> <meta property=\"og:image:height\" content=\"1283\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"AJ Vicens\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@AJVicens\"> <!-- \/ Yoast SEO Premium plugin. --> <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1706643139g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/_static\/??\/wp-content\/mu-plugins\/search\/elasticpress-next\/dist\/css\/related-posts-block-styles.min.css,\/wp-content\/plugins\/embedpress\/Gutenberg\/dist\/blocks.style.build.css?m=1708535870\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/_static\/??\/wp-content\/plugins\/embedpress\/assets\/css\/embedpress.css,\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1708725624\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=17ca7a1ec36db7d13744\" media=\"all\">\n<link rel=\"stylesheet\" id=\"all-css-10\" 
href=\"https:\/\/cyberscoop.com\/_static\/??\/wp-includes\/css\/dashicons.min.css,\/wp-content\/plugins\/embedpress\/assets\/css\/plyr.css?m=1707697092\" type=\"text\/css\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/79433\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.4.3\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=79433\">\n<link rel=\"alternate\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Ffive-eyes-nations-warn-of-evolving-russian-cyberespionage-practices-targeting-cloud-environments%2F\">\n<link rel=\"alternate\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Ffive-eyes-nations-warn-of-evolving-russian-cyberespionage-practices-targeting-cloud-environments%2F&amp;format=xml\"> <!-- Google Tag Manager --> <!-- End Google Tag Manager --> <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"post-template-default single single-post postid-79433 single-format-standard\" id=\"readabilityBody\"> <a 
href=\"https:\/\/cyberscoop.com\/five-eyes-nations-warn-of-evolving-russian-cyberespionage-practices-targeting-cloud-environments\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"25.503759398496\">\n<div class=\"single-article__header-content\" readability=\"30.471264367816\">\n<ul class=\"single-article__eyebrow\">\n<li class=\"single-article__category\"> <a class=\"single-article__category-link\" href=\"https:\/\/cyberscoop.com\/news\/geopolitics\/\"> <span>Geopolitics<\/span> <\/a> <\/li>\n<\/ul>\n<p> The advisory issued by the U.K.&#8217;s National Cyber Security Centre breaks down tactics and techniques from SVR hacking ops. 
<\/p>\n<\/p><\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"428\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/02\/five-eyes-nations-warn-of-evolving-russian-cyberespionage-practices-targeting-cloud-environments.jpg?resize=640%2C428&#038;ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/02\/five-eyes-nations-warn-of-evolving-russian-cyberespionage-practices-targeting-cloud-environments-2.jpg 1920w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/02\/five-eyes-nations-warn-of-evolving-russian-cyberespionage-practices-targeting-cloud-environments-2.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/02\/five-eyes-nations-warn-of-evolving-russian-cyberespionage-practices-targeting-cloud-environments-2.jpg?resize=768,513 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/02\/five-eyes-nations-warn-of-evolving-russian-cyberespionage-practices-targeting-cloud-environments-2.jpg?resize=1024,684 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/02\/five-eyes-nations-warn-of-evolving-russian-cyberespionage-practices-targeting-cloud-environments-2.jpg?resize=1536,1026 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/02\/five-eyes-nations-warn-of-evolving-russian-cyberespionage-practices-targeting-cloud-environments-2.jpg?resize=600,401 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/02\/five-eyes-nations-warn-of-evolving-russian-cyberespionage-practices-targeting-cloud-environments-2.jpg?resize=251,168 251w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/02\/five-eyes-nations-warn-of-evolving-russian-cyberespionage-practices-targeting-cloud-environments-2.jpg?resize=504,337 504w, 
https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/02\/five-eyes-nations-warn-of-evolving-russian-cyberespionage-practices-targeting-cloud-environments-2.jpg?resize=1010,675 1010w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/02\/five-eyes-nations-warn-of-evolving-russian-cyberespionage-practices-targeting-cloud-environments-2.jpg?resize=1262,843 1262w\" sizes=\"(max-width: 1010px) 100vw, 1010px\"><figcaption> Russian President Vladimir Putin delivers a speech standing in front of the monument &#8220;Fatherland, Valor, Honor&#8221; outside of the Foreign Intelligence Service of the Russian Federation (SVR) in Moscow on June 30, 2022. (Photo by MIKHAIL METZEL\/Sputnik\/AFP via Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"24.498796630566\"><body readability=\"50.666666666667\"><\/p>\n<p>Longstanding cyberespionage and data collection units tied to Russia\u2019s Foreign Intelligence Service (SVR) are evolving their techniques to gain access to cloud environments, the British, U.S. 
and partner governments said in an advisory Monday.<\/p>\n<p>The advisory \u2014 <a href=\"https:\/\/www.ncsc.gov.uk\/files\/Advisory-SVR-cyber-actors-adapt-tactics-for-initial-cloud-access.pdf\">issued by the U.K.\u2019s National Cyber Security Centre<\/a> and co-signed by a range of counterpart agencies in the U.S., Australia, Canada and New Zealand \u2014&nbsp;details the evolving tactics, techniques and procedures that SVR hacking operations, tracked widely under the \u201cAPT29\u201d and \u201cCozy Bear\u201d monikers, are employing to penetrate the increasing number of cloud environments used by both private and public organizations.<\/p>\n<p>APT29 operations are considered highly sophisticated and have been tracked since at least 2014, targeting a wide range of North American and European industries, including biotechnology, government, nonprofits, telecommunications and think tanks, according to an <a href=\"https:\/\/www.mandiant.com\/resources\/blog\/unc2452-merged-into-apt29\">April 2022 report from Mandiant<\/a>.<\/p>\n<p>The <a href=\"https:\/\/www.whitehouse.gov\/briefing-room\/statements-releases\/2021\/04\/15\/fact-sheet-imposing-costs-for-harmful-foreign-activities-by-the-russian-government\/\">U.S. 
government, for instance, attributed<\/a> to APT29 the 2020 <a href=\"https:\/\/cyberscoop.com\/tag\/solarwinds\/\">SolarWinds<\/a> supply chain attack, one of the most <a href=\"https:\/\/www.wired.com\/story\/the-untold-story-of-solarwinds-the-boldest-supply-chain-hack-ever\/\">consequential cyberespionage operations<\/a> in recent years.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Even still, the agencies said Monday, basic cloud security measures can go a long way toward stymieing APT29 efforts.<\/p>\n<p>\u201cThe SVR is a sophisticated actor capable of carrying out a global supply chain compromise such as the 2020 SolarWinds, however the guidance in this advisory shows that a strong baseline of cyber security fundamentals can help defend from such actors,\u201d the notice read.<\/p>\n<p>Attackers must first successfully authenticate to the cloud provider, the notice read, so basic steps can go a long way. 
Some of those steps include regularly evaluating and disabling dormant accounts that could be tied to employees who are no longer with the organization, working with cloud providers to limit the validity time of system-issued tokens (which enable logins without passwords), and adopting more stringent device-enrollment policies.<\/p>\n<p>The Cybersecurity and Infrastructure Security Agency has also <a href=\"https:\/\/www.cisa.gov\/resources-tools\/services\/secure-cloud-business-applications-scuba-project\">shared best practices<\/a> for business-oriented cloud environments through its <a href=\"https:\/\/cyberscoop.com\/cisa-google-workspace-scuba-baselines-microsoft-breach-china\/\">Secure Cloud Business Applications (SCuBA) project<\/a>, the advisory said.<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"0.95121951219512\">\n<div class=\"author-card\" readability=\"8\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/02\/five-eyes-nations-warn-of-evolving-russian-cyberespionage-practices-targeting-cloud-environments-1.jpg?w=640&#038;ssl=1\" alt=\"AJ Vicens\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by AJ Vicens<\/h4>\n<p> AJ covers nation-state threats and cybercrime. He was previously a reporter at Mother Jones. Get in touch via Signal\/WhatsApp: (810-206-9411). 
<\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p> <!-- .popular-stories__stories --> <\/div>\n<p><!-- .popular-stories__inner -->\n<\/div>\n<p><!-- .popular-stories --> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Geopolitics<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" 
class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p> <!-- Start of HubSpot Embed Code --> <!-- End of HubSpot Embed Code --> <\/body> <a href=\"https:\/\/cyberscoop.com\/five-eyes-nations-warn-of-evolving-russian-cyberespionage-practices-targeting-cloud-environments\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Five Eyes nations warn of evolving Russian cyberespionage practices targeting<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[634,452,1573,302,1574,270],"tags":[635,454,1575,306,1576,276],"class_list":["post-2606","post","type-post","status-publish","format-standard","hentry","category-cloud","category-cybersecurity-and-infrastructure-security-agency-cisa","category-five-eyes","category-geopolitics","category-national-cyber-security-centre","category-russia","tag-cloud","tag-cybersecurity-and-infrastructure-security-agency-cisa","tag-five-eyes","tag-geopolitics","tag-national-cyber-security-centre","tag-russia"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cloud\/\" rel=\"category tag\">Cloud<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity-and-infrastructure-security-agency-cisa\/\" rel=\"category tag\">Cybersecurity and Infrastructure Security Agency (CISA)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/five-eyes\/\" rel=\"category tag\">Five Eyes<\/a> <a 
href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/geopolitics\/\" rel=\"category tag\">Geopolitics<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/national-cyber-security-centre\/\" rel=\"category tag\">National Cyber Security Centre<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/russia\/\" rel=\"category tag\">Russia<\/a>","tag_info":"Russia","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/2606","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=2606"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/2606\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=2606"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=2606"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=2606"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}