The FBI and CISA are warning of continued cyberthreats stemming from Russia’s Foreign Intelligence Service, or SVR, often associated with the SolarWinds supply chain attack. Several tools and techniques used by the SVR have been discovered, including the exploitation of several well-known vulnerabilities found in SolarWinds products and VPNs that allow for remote access to networks.
Attackers associated with the SVR continue to update their techniques to avoid detection. The following TTPs have been observed recently:
Earlier, this APT exploited a zero-day vulnerability in Citrix’s Application Delivery Controller and Gateway products to attack another unnamed organization.