The Register
Following attribution of the SolarWinds supply chain attack to Russia’s APT29, the US CISA infosec agency has published a list of the spies’ known tactics – including a penchant for using a naughtily named email provider.
APT29* is the Western infosec world’s codename for what we now know is the Russian Foreign Intelligence Service, known by its Russian acronym SVR.
As well as publishing a list of things US counterintelligence know about their Russian offensive counterparts, CISA has also added some advice on how to avoid these common Russian intelligence compromise tactics.
SVR’s break-in pros use techniques including “low and slow” password spraying targeted at known admin accounts and zero-days deployed against VPN appliances, followed by the deployment of droppers such as WellMess.