Russian Foreign Intelligence Service (SVR) operators have shifted their attacks to target new vulnerabilities in response to US government advisories published last month that detailed the SVR's tactics, techniques, tools, and capabilities used in ongoing attacks.
The warning comes after the US and UK governments, on April 15, formally attributed the SolarWinds supply-chain attack and the targeting of COVID-19 vaccine developers to the cyber-espionage efforts of Russian SVR operators (also known as APT29, Cozy Bear, and The Dukes).
On the same day, the NSA, CISA, and the FBI informed organizations and service providers about the top five vulnerabilities exploited in SVR attacks against US interests.
In a third advisory issued on April 26, the FBI, DHS, and CIA warned of continued attacks coordinated by the Russian SVR against the US and foreign organizations.
The US federal agencies pointed out that SVR operators commonly use password spraying, exploit the CVE-2019-19781 vulnerability to obtain network access, and deploy WELLMESS malware on compromised systems.
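Password spraying, the first technique named above, is distinguishable from ordinary brute force by its shape in authentication logs: one source failing against many different accounts in a short span, rather than many attempts against one account. The following script is an added illustration of that detection logic, not code from the article or from any agency advisory; the log line format, the sample entries, the source addresses (documentation ranges), and the thresholds (four distinct accounts within ten minutes) are all constructed assumptions for this example.

```python
"""Password-spray detection over authentication failure events.

Added example (not from the article or any US government advisory).
Assumptions: a simple line format "<ISO timestamp> auth <failure|success>
user=<name> src=<ip>", and a spray threshold of `min_users` distinct
accounts failing from one source inside a `window`-long span.
"""
from collections import defaultdict
from datetime import datetime, timedelta
import re

# Constructed sample log lines, not real telemetry. One source fails
# against five accounts in ten seconds and then succeeds on one (spray);
# a second source hammers a single account (brute force, not a spray).
SAMPLE_LOG = """\
2021-05-01T10:00:01Z auth failure user=alice src=203.0.113.5
2021-05-01T10:00:03Z auth failure user=bob src=203.0.113.5
2021-05-01T10:00:05Z auth failure user=carol src=203.0.113.5
2021-05-01T10:00:07Z auth failure user=dave src=203.0.113.5
2021-05-01T10:00:09Z auth failure user=erin src=203.0.113.5
2021-05-01T10:00:11Z auth success user=erin src=203.0.113.5
2021-05-01T10:01:00Z auth failure user=frank src=198.51.100.7
2021-05-01T10:01:30Z auth failure user=frank src=198.51.100.7
2021-05-01T10:02:00Z auth failure user=frank src=198.51.100.7
2021-05-01T10:02:30Z auth failure user=frank src=198.51.100.7
2021-05-01T10:03:00Z auth failure user=frank src=198.51.100.7
2021-05-01T12:00:00Z auth failure user=alice src=192.0.2.9
"""

# Assumed line format for this example.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth (?P<result>failure|success) "
    r"user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse_events(text):
    """Parse log text into (timestamp, result, user, src) tuples."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore lines that do not match the assumed format
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, m["result"], m["user"], m["src"]))
    return events


def detect_password_spray(events, window=timedelta(minutes=10), min_users=4):
    """Return findings keyed by source address.

    A source is flagged when its failures cover at least `min_users`
    distinct accounts inside any `window`-long span. For each flagged
    source the result lists every account it failed against and which of
    those accounts later saw a success from the same source (a likely
    compromised credential worth immediate follow-up).
    """
    failures = defaultdict(list)
    successes = defaultdict(set)
    for ts, result, user, src in events:
        if result == "failure":
            failures[src].append((ts, user))
        else:
            successes[src].add(user)

    findings = {}
    for src, items in failures.items():
        items.sort()
        start = 0
        triggered = False
        # Sliding window over this source's failures ordered by time.
        for end in range(len(items)):
            while items[end][0] - items[start][0] > window:
                start += 1
            if len({u for _, u in items[start:end + 1]}) >= min_users:
                triggered = True
                break
        if triggered:
            all_users = {u for _, u in items}
            findings[src] = {
                "users": sorted(all_users),
                "followed_by_success": sorted(all_users & successes[src]),
            }
    return findings


if __name__ == "__main__":
    for src, info in detect_password_spray(parse_events(SAMPLE_LOG)).items():
        print(f"spray from {src}: {len(info['users'])} accounts, "
              f"later success on {info['followed_by_success'] or 'none'}")
```

Run against the sample, only 203.0.113.5 is flagged; the single-account failures from 198.51.100.7 stay below the distinct-user threshold and would be caught by a per-account lockout or brute-force rule instead, which is why spray detection needs to be keyed on source and user count rather than on failures per account.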