Here’s what Russia’s SVR spy agency does when it breaks into your network, says US CISA infosec agency

The Register

Following attribution of the SolarWinds supply chain attack to Russia’s APT29, the US CISA infosec agency has published a list of the spies’ known tactics – including a penchant for using a naughtily named email provider.

APT29 is the Western infosec world’s codename for what we now know is the Russian Foreign Intelligence Service, known by its Russian acronym SVR.

As well as publishing a list of things US counterintelligence know about their Russian offensive counterparts, CISA has also added some advice on how to avoid these common Russian intelligence compromise tactics.

SVR’s break-in pros use techniques including “low and slow” password spraying targeted at known admin accounts and zero-days deployed against VPN appliances, followed by the deployment of droppers such as WellMess.
