The attackers are expected to go after targets such as government agencies, diplomatic entities, think tanks, technology companies, and financial institutions around the world. They may also go after opportunistic targets in the form of organizations with vulnerable systems.
“Russian cyber actors are interested in and highly capable of accessing unpatched systems across a range of sectors, and once they are in, they can exploit this access to meet their objectives. All organisations are encouraged to bolster their cyber defences: take heed of the advice set out within the advisory and prioritise the deployment of patches and software updates,” NCSC Chief Operating Officer Paul Chichester said in a statement.
Tactics, techniques, and procedures (TTPs) of the SVR include spearphising, password spraying, supply chain and trusted relationship abuses, custom malware, and cloud exploitation for initial access and privilege escalation.