Further Tactics, Techniques and Procedures associated with SVR cyber actors
In April 2021 the UK and US governments attributed the compromise of SolarWinds and the targeting of COVID-19 vaccine developers to SVR cyber actors (best known as APT29, Cozy Bear, and the Dukes). The FBI, the Department of Homeland Security and CISA also issued a joint report providing information on the SVR's cyber tools, targets, techniques, and capabilities.
In response to this joint report, SVR cyber operators appear to have changed their tactics in an attempt to avoid further detection and remediation efforts by network defenders. The advisory published by the UK National Cyber Security Centre summarises the main changes, including deploying the open-source tool Sliver to maintain access to previously developed malware and, most recently, exploiting the widely reported Microsoft Exchange vulnerabilities.