{"id":5740,"date":"2024-10-11T10:58:33","date_gmt":"2024-10-11T15:58:33","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=82111"},"modified":"2024-10-11T10:58:33","modified_gmt":"2024-10-11T15:58:33","slug":"agencies-warn-about-russian-government-hackers-going-after-unpatched-vulnerabilities","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2024\/10\/11\/agencies-warn-about-russian-government-hackers-going-after-unpatched-vulnerabilities\/","title":{"rendered":"Agencies warn about Russian government hackers going after unpatched vulnerabilities"},"content":{"rendered":"<p><head> <meta charset=\"UTF-8\"> <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\"> <meta name=\"robots\" content=\"index, follow, max-image-preview:large, max-snippet:-1, max-video-preview:-1\"> <!-- This site is optimized with the Yoast SEO Premium plugin v21.7 (Yoast SEO v21.7) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ --> <title>Agencies warn about Russian government hackers going after unpatched vulnerabilities | CyberScoop<\/title> <meta name=\"description\" content=\"The SVR is conducting its targeting both specifically and broadly, the U.S. and U.K. cyber agencies said.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/agencies-warn-about-russian-government-hackers-going-after-unpatched-vulnerabilities\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Agencies warn about Russian government hackers going after unpatched vulnerabilities\"> <meta property=\"og:description\" content=\"The SVR is conducting its targeting both specifically and broadly, the U.S. and U.K. 
cyber agencies said.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/agencies-warn-about-russian-government-hackers-going-after-unpatched-vulnerabilities\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:published_time\" content=\"2024-10-11T15:58:33+00:00\"> <meta property=\"article:modified_time\" content=\"2024-10-11T15:58:34+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/agencies-warn-about-russian-government-hackers-going-after-unpatched-vulnerabilities-2.jpg\"> <meta property=\"og:image:width\" content=\"1024\"> <meta property=\"og:image:height\" content=\"527\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"Tim Starks\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@timstarks\"> <!-- \/ Yoast SEO Premium plugin. --> <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1725982252g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1725466133g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1728651643g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" 
href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=ada0ad45b21fc79c6694\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/82111\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.6.2\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=82111\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fagencies-warn-about-russian-government-hackers-going-after-unpatched-vulnerabilities%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fagencies-warn-about-russian-government-hackers-going-after-unpatched-vulnerabilities%2F&amp;format=xml\"> <!-- Google Tag Manager --> <!-- End Google Tag Manager --> <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"post-template-default single single-post postid-82111 single-format-standard\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/agencies-warn-about-russian-government-hackers-going-after-unpatched-vulnerabilities\/#main\" 
class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"25.538659793814\">\n<div class=\"single-article__header-content\" readability=\"30.935622317597\">\n<ul class=\"single-article__eyebrow\">\n<li class=\"single-article__category\"> <a class=\"single-article__category-link\" href=\"https:\/\/cyberscoop.com\/news\/geopolitics\/\"> <span>Geopolitics<\/span> <\/a> <\/li>\n<\/ul>\n<p> The SVR is conducting its targeting both specifically and broadly, the U.S. and U.K. cyber agencies said. 
<\/p>\n<p> <!-- Listen to this article section --> <!-- End of audio player --> <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"329\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/agencies-warn-about-russian-government-hackers-going-after-unpatched-vulnerabilities.jpg?resize=640%2C329&#038;ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/agencies-warn-about-russian-government-hackers-going-after-unpatched-vulnerabilities-2.jpg 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/agencies-warn-about-russian-government-hackers-going-after-unpatched-vulnerabilities-2.jpg?resize=300,154 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/agencies-warn-about-russian-government-hackers-going-after-unpatched-vulnerabilities-2.jpg?resize=768,395 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/agencies-warn-about-russian-government-hackers-going-after-unpatched-vulnerabilities-2.jpg?resize=600,309 600w\" sizes=\"(max-width: 1024px) 100vw, 1024px\"><figcaption> A general view of the Russian Foreign Intelligence Service (SVR) headquarters outside Moscow taken on June 29, 2010. (Alexey SAZONOV\/AFP via Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"24.788659793814\"><body readability=\"54.115068493151\"><\/p>\n<p>Russian government hackers are targeting known, unpatched vulnerabilities to victimize specific organizations like governments and defense contractors while also scanning the internet for any susceptible systems to attack, U.S. and U.K. 
cyber agencies said in a joint alert.<\/p>\n<p>The threat actors tied to the Russian Foreign Intelligence Service (SVR) \u201care highly capable of and interested in exploiting software vulnerabilities\u201d in order to both gain initial access to their target organization and then move around in its systems, the Thursday advisory states.<\/p>\n<p>It\u2019s an attempt by the FBI, the National Security Agency, Cyber National Mission Force and the United Kingdom\u2019s National Cyber Security Centre to <a href=\"https:\/\/www.ic3.gov\/Media\/News\/2024\/241010.pdf\">warn the public<\/a> about the tactics and techniques the SVR has employed in recent attacks. It\u2019s an update of <a href=\"https:\/\/media.defense.gov\/2021\/Apr\/15\/2002621240\/-1\/-1\/0\/CSA_SVR_TARGETS_US_ALLIES_UOO13234021.PDF\">a 2021 advisory<\/a>.<\/p>\n<p>They wrote that there are two types of target entities for the SVR attackers: \u201ctargets of intent,\u201d which includes tech companies, think tanks and international organizations, and also \u201ctargets of opportunity.\u201d&nbsp;<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Targets of the first kind \u201care targeted for the purpose of collecting foreign intelligence and technical data as well as establishing accesses to enable subsequent downstream\/supply chain compromises,\u201d according to the advisory.<\/p>\n<p>For the second kind, \u201cmass scanning and opportunistic exploitation of vulnerable systems, as opposed to more targeted operations, increase the threat surface to include virtually any organization with vulnerable systems,\u201d the agencies wrote. 
\u201cTargets of opportunity represent entities with Internet-accessible infrastructure vulnerable to exploitation through publicly disclosed vulnerabilities, weak authentication controls, or system misconfigurations.\u201d&nbsp;<\/p>\n<p>The alert said vulnerabilities the SVR has exploited recently include flaws in the <a href=\"https:\/\/therecord.media\/jetbrains-rapid7-silent-patching-dispute\">JetBrains TeamCity<\/a> and <a href=\"https:\/\/cyberscoop.com\/ransomware-charity-malaslocker\/\">Zimbra<\/a> software products. They also have used <a href=\"https:\/\/cyberscoop.com\/microsoft-ai-exposed-data-github\/\">Microsoft Teams<\/a> accounts that impersonate tech support on Microsoft Teams Chat to manipulate users into giving them access.<\/p>\n<p>SVR hackers operate stealthily, for example by using the Tor anonymity browser and by attempting to destroy their infrastructure when they\u2019re discovered, according to the alert.<\/p>\n<p>The agencies advise organizations to disable internet-accessible services they don\u2019t need, employ multi-factor authentication and audit cloud-based accounts for unusual activity.<br \/>Earlier this year, the same agencies and more from other countries issued an advisory about how SVR hackers are seeking to <a href=\"https:\/\/cyberscoop.com\/five-eyes-nations-warn-of-evolving-russian-cyberespionage-practices-targeting-cloud-environments\/\">gain cloud access<\/a>.<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\">\n<div class=\"author-card\" readability=\"7.7216117216117\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/agencies-warn-about-russian-government-hackers-going-after-unpatched-vulnerabilities-1.jpg?w=640&#038;ssl=1\" alt=\"Tim Starks\"> <\/figure>\n<\/p><\/div>\n<div class=\"author-card__details\" 
readability=\"10.901098901099\">\n<h4 class=\"author-card__name\">Written by Tim Starks<\/h4>\n<p> Tim Starks is senior reporter at CyberScoop. His previous stops include working at The Washington Post, POLITICO and Congressional Quarterly. An Evansville, Ind. native, he&#8217;s covered cybersecurity since 2003. Email Tim here: <a href=\"mailto:tim.starks@cyberscoop.com\">tim.starks@cyberscoop.com<\/a>. <\/div>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p> <!-- .popular-stories__stories --> <\/div>\n<p><!-- .popular-stories__inner -->\n<\/div>\n<p><!-- .popular-stories --> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 
class=\"top-categories__category-title\">Geopolitics<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p> <!-- Start of HubSpot Embed Code --> <!-- End of HubSpot Embed Code --> <\/body> <a href=\"https:\/\/cyberscoop.com\/agencies-warn-about-russian-government-hackers-going-after-unpatched-vulnerabilities\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Agencies warn about Russian government hackers going after unpatched vulnerabilities<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[634,273,669,302,117,2459,2869,625,2870,1574,761,304,272,2871,270,1387,288,2872,2873],"tags":[635,279,671,306,119,2461,2874,630,2875,1576,763,308,278,2876,276,1389,294,2877,2878],"class_list":["post-5740","post","type-post","status-publish","format-standard","hentry","category-cloud","category-fbi","category-federal-bureau-of-investigation-fbi","category-geopolitics","category-government","category-intelligence","category-jetcity","category-microsoft","category-microsoft-teams","category-national-cyber-security-centre","category-national-security-agency","category-national-security-agency-nsa","category-nsa","category-privilege-escalation","category-russia","category-svr","category-threats","category-u-k-national-cyber-security-centre","category-zimbra","tag-cloud","tag-fbi","tag-federal-bureau-of-investigation-fbi","tag-geopolitics",
"tag-government","tag-intelligence","tag-jetcity","tag-microsoft","tag-microsoft-teams","tag-national-cyber-security-centre","tag-national-security-agency","tag-national-security-agency-nsa","tag-nsa","tag-privilege-escalation","tag-russia","tag-svr","tag-threats","tag-u-k-national-cyber-security-centre","tag-zimbra"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cloud\/\" rel=\"category tag\">Cloud<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/fbi\/\" rel=\"category tag\">FBI<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/federal-bureau-of-investigation-fbi\/\" rel=\"category tag\">Federal Bureau of Investigation (FBI)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/geopolitics\/\" rel=\"category tag\">Geopolitics<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/government\/\" rel=\"category tag\">Government<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/intelligence\/\" rel=\"category tag\">Intelligence<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/jetcity\/\" rel=\"category tag\">JetCity<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/microsoft\/\" rel=\"category tag\">Microsoft<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/microsoft-teams\/\" rel=\"category tag\">Microsoft Teams<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/national-cyber-security-centre\/\" rel=\"category tag\">National Cyber Security Centre<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/national-security-agency\/\" rel=\"category tag\">National Security Agency<\/a> <a 
href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/national-security-agency-nsa\/\" rel=\"category tag\">National Security Agency (NSA)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/nsa\/\" rel=\"category tag\">nsa<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/privilege-escalation\/\" rel=\"category tag\">privilege escalation<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/russia\/\" rel=\"category tag\">Russia<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/svr\/\" rel=\"category tag\">SVR<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/threats\/\" rel=\"category tag\">Threats<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/u-k-national-cyber-security-centre\/\" rel=\"category tag\">U.K. National Cyber Security Centre<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/zimbra\/\" rel=\"category tag\">Zimbra<\/a>","tag_info":"Zimbra","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/5740","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=5740"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/5740\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=5740"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=5740"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/
wp\/v2\/tags?post=5740"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}