Svr

Company/Organization updated a month ago (2024-10-11T14:16:53.322Z)
SVR, Russia's civilian foreign intelligence service and the successor to the KGB's First Chief Directorate, has conducted cyber espionage for years. Known in open source as APT29, Cozy Bear, Midnight Blizzard, Nobelium, and the Dukes, SVR operators have spied on US, European, and global entities to collect intelligence and enable future cyber operations.

The group typically begins by scanning internet-facing systems for unpatched vulnerabilities and gains initial access through techniques such as brute-forcing, password spraying, and the exploitation of dormant accounts. Once inside, it uses sophisticated tools such as the MagicWeb malware to evade detection within victim networks, which are mainly government and critical organizations across Europe, the United States, and Asia. The SVR is known for targeting governmental networks across Europe and NATO member countries, as well as research institutes and think tanks, to gather intelligence on ongoing geopolitical issues. Recent observations indicate that as organizations modernize their systems and move to cloud-based infrastructure, the SVR has adapted its tactics accordingly and now focuses its attacks on victims' cloud services.

Notably, previous activity attributed to SVR actors includes the SolarWinds supply chain compromise and the targeting of organizations involved in COVID-19 vaccine development. In response to these persistent threats, UK and US agencies have shared a list of recommended mitigations against the SVR cyber espionage threat. On October 10, four government agencies from the US and the UK issued a joint advisory warning of the ongoing SVR cyber espionage campaign.

The advisory also noted that when the SVR suspects its intrusions have been identified, it quickly attempts to destroy its infrastructure and any evidence on it, often using tools and programs already present on victim networks to avoid detection by anti-virus software.
Description last updated: 2024-10-11T14:16:53.295Z
Possible Aliases / Cluster overlaps
It is hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names and profiles you may also want to look at.

Midnight Blizzard (2 votes): Midnight Blizzard is a possible alias for Svr. Midnight Blizzard, also known as APT29 and Cozy Bear, is a Russia-linked threat actor group believed to be tied to the country's Foreign Intelligence Service (SVR). The group has been implicated in several high-profile cyber attacks, including breaches of Microsoft and Hewlett Packard Enterprise (HP
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Exploit
Apt
Malware
Vulnerability
Teamcity
Analyst Notes & Discussion
Associated Malware
MagicWeb (association type: Unspecified; 2 votes): The MagicWeb Malware is associated with Svr. MagicWeb is a sophisticated malware that was first reported by Microsoft in August 2022. It was developed and deployed by the threat group Nobelium, also known as Cozy Bear or APT29, who are believed to be associated with the Russian Foreign Intelligence Service (SVR). MagicWeb is designed to exploi
Associated Threat Actors
APT29 (association type: Unspecified; 3 votes): The APT29 Threat Actor is associated with Svr. APT29, also known as Midnight Blizzard and linked to Russia's Foreign Intelligence Service (SVR), is a notorious threat actor that has been implicated in several high-profile cyberattacks. The group has demonstrated sophisticated capabilities, exploiting vulnerabilities such as the WinRAR 0day flaw

Cozy Bear (association type: Unspecified; 2 votes): The Cozy Bear Threat Actor is associated with Svr. Cozy Bear, also known as APT29 and Midnight Blizzard, is a threat actor believed to be linked to the Russian government. This entity has been behind numerous cyberattacks with malicious intent, targeting various organizations and systems worldwide. The first significant intrusion attributed to Cozy
Associated Vulnerabilities
CVE-2023-42793 (association type: Unspecified; 2 votes): The CVE-2023-42793 Vulnerability is associated with Svr. CVE-2023-42793 is a critical security vulnerability identified in the JetBrains TeamCity build management and continuous integration server. This flaw, characterized by an authentication bypass, was exploited by multiple threat actors throughout 2023 and into 2024. The first notable exploitation occurre
Source Document References
Information about the Svr Company/Organization was read from the source documents listed below (source and creation time, as shown on the page; titles and links were not captured).
InfoSecurity-magazine (a month ago)
CERT-EU (9 months ago)
InfoSecurity-magazine (8 months ago)
CERT-EU (8 months ago)
CERT-EU (8 months ago)
CERT-EU (9 months ago)
CERT-EU (9 months ago)
InfoSecurity-magazine (9 months ago)
CISA (9 months ago)
CERT-EU (10 months ago)
CERT-EU (10 months ago)
CISA (a year ago)
CERT Polska (a year ago)
CERT-EU (a year ago)
MITRE (2 years ago)
MITRE (2 years ago)