Russian intelligence poses new cyber attack threat, UK and US security agencies say

Russian intelligence has been accused by America and Britain of carrying out cyberattacks using new techniques, after it was exposed for hacking of targets ranging from Covid vaccine supply chains to the US agency safeguarding its nuclear stockpile.

The Russian foreign intelligence service, SVR, was blamed for the cyberattacks last year, described as the worst ever in the US, with seven other countries, including the UK, also affected.

Now the FBI and the NSA (National Security Agency) in the US, and NCSC (National Cyber Security Centre) in the UK has warned that “SVR cyber operators” have reacted to previous investigations by changing their “TTP [tactics, techniques and procedures] in an attempt to avoid further detection and remediation efforts by network defenders”. The group has also been observed making use of numerous vulnerabilities, the security agencies said in a report.

The report added that “these changes included the deployment of the open-source tool Sliver in an attempt to maintain their accesses”. As in previous operations, the SVR are said to be making use of clandestine hacking groups called Cozy Bear, the Dukes and APT 29.

Sliver is used to perform security testing. Tools, such as Sliver and Cobalt Strike, are used by a variety of hackers. Using these mean they do not need to develop bespoke tooling in order to penetrate target networks.

A security official said: “The  SVR actors have used these techniques to target a variety of organisations globally, including in the UK, US, EU and Nato countries. This includes, but is not necessarily limited to, government, diplomatic, think-tank, healthcare and energy targets.”

Russian intelligence started changing its technique say the American and British agencies, after they,  along with Canada’s Communications Security Establishment (CSE),  revealed in July last year that the group APT29 has targeted organisations involved in Covid vaccine developments in the UK, US and Canada . 

They concluded that it was “highly likely with the intention of stealing information and intellectual property relating to the development and testing of Covid-19 vaccines”. The hacking group was “using custom malware known as ‘WellMess’ and ‘WellMail’ to target a number of organisations globally” said the agencies in a report. 

Political as well as security issues have surfaced in America following last year’s attack. Donald Trump, who allegedly benefitted from Kremlin interference to win the 2016 election, including the hacking of Democratic National Party computers and Hillary Clinton’s emails, made no comment at the time.

Meanwhile president-elect Joe Biden, waiting for his inauguration, said: “I want to be clear, my administration will make cybersecurity a top priority at every level of government, and we will make dealing with this breach a top priority from the moment we take office.”