SVR

Company/Organization updated 5 months ago (2024-03-25T10:16:12.570Z)
The SVR, Russia's civilian foreign intelligence service, is the successor organization to the KGB’s First Chief Directorate. Known for its cyber capabilities, the SVR has been involved in numerous incidents of cyber-espionage and intelligence gathering. The organization targets governmental networks across Europe and NATO member countries to collect intelligence on ongoing geopolitical issues. Research institutes and think tanks have also been targeted for intelligence collection. The SVR has shown a particular interest in understanding Western political dynamics related to Ukraine and other flashpoint foreign policy issues, indicating that Western political parties could be potential future targets.

The group, also referred to as Cozy Bear or Nobelium, has historically focused on diplomatic targets but has expanded its scope over time. For instance, it was linked to cyberattacks on COVID-19 vaccine developers and the infamous SolarWinds campaign. A notable departure from its typical focus was the targeting of German political parties, reflecting the SVR’s interest in gaining information from political parties and civil society that could advance Moscow’s geopolitical interests. The SVR has also been implicated in hacking incidents involving major companies such as Hewlett Packard Enterprise.

Recently, the SVR has made allegations against the US, claiming that American intelligence is plotting to interfere with the upcoming Russian presidential election. It suggests that American NGOs, with the help of IT specialists, plan to carry out cyberattacks on the remote electronic voting system to manipulate the vote count. This accusation adds another layer of complexity to the geopolitical landscape, demonstrating the SVR's active role not only in cyber-espionage but also in shaping narratives around international politics and elections.
Description last updated: 2024-03-25T10:16:12.546Z
Aliases: We are not currently tracking any aliases.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Vulnerability
Exploit
Apt
Teamcity
Associated Malware
ID | Type | Votes | Profile Description
Magicweb | Unspecified | 2 | MagicWeb is a sophisticated malware that was first reported by Microsoft in August 2022. It was developed and deployed by the threat group Nobelium, also known as Cozy Bear or APT29, who are believed to be associated with the Russian Foreign Intelligence Service (SVR). MagicWeb is designed to exploi
Associated Threat Actors
ID | Type | Votes | Profile Description
APT29 | Unspecified | 3 | APT29, also known as Cozy Bear, Nobelium, The Dukes, Midnight Blizzard, BlueBravo, and the SVR group, is a Russia-linked threat actor notorious for its malicious cyber activities. In November 2023, this entity exploited a zero-day vulnerability in WinRAR software to launch attacks against various em
Cozy Bear | Unspecified | 2 | Cozy Bear, also known as APT29, Midnight Blizzard, and Nobelium, is a threat actor believed to operate out of Russia's Foreign Intelligence Service or SVR. This group has been linked to several high-profile cyber intrusions. One of the earliest identified activities of Cozy Bear was at the Democrati
Associated Vulnerabilities
ID | Type | Votes | Profile Description
CVE-2023-42793 | Unspecified | 2 | CVE-2023-42793 is a critical security vulnerability identified in JetBrains TeamCity build management and continuous integration server. This flaw, characterized by an authentication bypass, was exploited by multiple threat actors throughout 2023 and into 2024. The first notable exploitation occurre
Source Document References
Information about the SVR Company/Organization was read from the documents corpus below. This display is limited to 20 results.
Source Link (CreatedAt): Title
CERT-EU (6 months ago): Russian hackers shift to cloud attacks, US and allies warn
InfoSecurity-magazine (5 months ago): Russian APT29 Group Targets German Politicians
CERT-EU (6 months ago): Russia's SVR alleges US is plotting to interfere in presidential election
CERT-EU (6 months ago): Microsoft Admits It Has Not Been Able to Stop Russian Hackers | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting
CERT-EU (6 months ago): Microsoft warns Russian hackers have expanded their attacks | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting
CERT-EU (6 months ago): Cyber Criminals Adapt Tactics to Attack Cloud Infrastructure
InfoSecurity-magazine (6 months ago): CISA Issues Alert on APT29’s Cloud Infiltration Tactics
CISA (6 months ago): SVR Cyber Actors Adapt Tactics for Initial Cloud Access | CISA
CERT-EU (8 months ago): Russia-backed Hackers Breach Microsoft Leaders' Emails | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting
CERT-EU (8 months ago): Understanding Software Vulnerability Management complexities
CISA (9 months ago): Russian Foreign Intelligence Service (SVR) Exploiting JetBrains TeamCity CVE Globally | CISA
CERT Polska (9 months ago): Russian Foreign Intelligence Service (SVR) Cyber Actors Use JetBrains TeamCity CVE in Global Targeting
CERT-EU (a year ago): Russian hackers lured embassy workers in Ukraine with ad for cheap BMW
MITRE (2 years ago): Russia: UK and US expose global campaign of malign activity by Russian intelligence services
MITRE (2 years ago): Russia: UK exposes Russian involvement in SolarWinds cyber compromise