Russian intelligence poses new cyber attack threat, UK and US security agencies say

Moscow’s SVR foreign intelligence service said to be making use of clandestine hacking groups Cozy Bear, the Dukes and APT 29

Kim Sengupta
Defence Editor
Friday 07 May 2021 23:02 EDT

Russian intelligence has been accused by America and Britain of carrying out cyberattacks using new techniques, after it was exposed for hacking targets ranging from Covid vaccine supply chains to the US agency safeguarding its nuclear stockpile.

The Russian foreign intelligence service, SVR, was blamed for the cyberattacks last year, described as the worst ever in the US, with seven other countries, including the UK, also affected.

Now the FBI and the NSA (National Security Agency) in the US, and the NCSC (National Cyber Security Centre) in the UK, have warned that “SVR cyber operators” have reacted to previous investigations by changing their “TTP [tactics, techniques and procedures] in an attempt to avoid further detection and remediation efforts by network defenders”. The group has also been observed making use of numerous vulnerabilities, the security agencies said in a report.

The report added that “these changes included the deployment of the open-source tool Sliver in an attempt to maintain their accesses”. As in previous operations, the SVR are said to be making use of clandestine hacking groups called Cozy Bear, the Dukes and APT 29.

Sliver is used to perform security testing. Tools such as Sliver and Cobalt Strike are used by a variety of hackers. Using these means they do not need to develop bespoke tooling in order to penetrate target networks.

A security official said: “The SVR actors have used these techniques to target a variety of organisations globally, including in the UK, US, EU and Nato countries. This includes, but is not necessarily limited to, government, diplomatic, think-tank, healthcare and energy targets.”

Russian intelligence started changing its technique, say the American and British agencies, after they, along with Canada’s Communications Security Establishment (CSE), revealed in July last year that the group APT29 had targeted organisations involved in Covid vaccine developments in the UK, US and Canada.

They concluded that it was “highly likely with the intention of stealing information and intellectual property relating to the development and testing of Covid-19 vaccines”. The hacking group was “using custom malware known as ‘WellMess’ and ‘WellMail’ to target a number of organisations globally”, said the agencies in a report.

Political as well as security issues have surfaced in America following last year’s attack. Donald Trump, who allegedly benefitted from Kremlin interference to win the 2016 election, including the hacking of Democratic National Party computers and Hillary Clinton’s emails, made no comment at the time.

Meanwhile president-elect Joe Biden, waiting for his inauguration, said: “I want to be clear, my administration will make cybersecurity a top priority at every level of government, and we will make dealing with this breach a top priority from the moment we take office.”
