AMARU would like to draw your attention to an advisory published by the UK’s National Cyber Security Centre (NCSC UK) which details recent tactics, techniques and procedures (TTPs) of the group commonly known as APT29, also known as Midnight Blizzard, the Dukes or Cozy Bear.

The NCSC UK and international partners assess that APT29 is a cyber espionage group, almost certainly part of the SVR, an element of the Russian intelligence services. The US National Security Agency (NSA), the US Cybersecurity and Infrastructure Security Agency (CISA), the US Cyber National Mission Force (CNMF), the Federal Bureau of Investigation (FBI), Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), the Canadian Centre for Cyber Security (CCCS) and the New Zealand National Cyber Security Centre (NCSC NZ) agree with this attribution and the details provided in this advisory.

As organisations continue to modernise their systems and move to cloud-based infrastructure, the actor has adapted to these changes in the operating environment. This advisory provides an overview of TTPs deployed by the actor to gain initial access into the cloud environment and includes advice to detect and mitigate this activity.

The advisory can be found at:

AMARU recommends that organisations read the report and follow the relevant mitigation advice to protect their networks.

Reach out to our cyber security experts us for any questions!

Recent blog posts

Key Takeaways from the CrowdStrike 2024 Global Threats Report

Key Takeaways from the CrowdStrike 2024 Global Threats Report

CrowdStrike’s new 2024 Global Threat Report has been creating some buzz around the latest trends in the cyberattacks, and we are here to make the key takeaways from the main topics that were talked about in the report more accessible to you. To summarise, the...