
Threat Intel Content Update: 8/29/2025

  • August 29, 2025

Russian Espionage Network Device Compromises

Threat Profiles & Threat Objects

“Trending & Emerging Threats” weekly update: Russian Espionage Network Device Compromises

  • Cisco Talos researchers and FBI officials released details of an ongoing campaign attributed to Static Tundra, which the researchers describe as a likely "sub-cluster" of Russian cyber espionage group Energetic Bear (aka BERSERK BEAR, Dragonfly, et al.). 

    • Actors exploited a seven-year-old vulnerability (CVE-2018-0171) in unpatched Cisco network devices to conduct large-scale device configuration discovery, likely for use in later targeting.

      • Compromise of routers, firewalls, and other network devices for espionage and future targeting (T1584.008) has been a prominent landscape trend, especially over the past two years, but most recent reporting has focused on Chinese state actors.

      • The Tidal Cyber knowledge base highlights APT28 as another Russian spy group previously known to use this Technique.

  • New Campaign object added covering recent reports of “widespread data theft” impacting Salesforce instances with the Salesloft Drift third-party application connected. 

    • An attacker (UNC6395) used compromised OAuth tokens to gain access and then harvested large volumes of Salesforce data, appearing to intentionally target sensitive credentials such as AWS access keys and tokens related to Snowflake (cloud data storage).
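Because the reporting above says the actor harvested Salesforce records specifically to pull out credentials like AWS access keys and Snowflake-related tokens, a defender's first question after such an incident is "which of our records actually contained secrets, so we know what to rotate?" The following is an added example, not code from Tidal Cyber or from the cited reporting: it scans Salesforce-style export records for credential material and returns the record IDs whose secrets should be treated as exposed. The AWS access key ID format (`AKIA`/`ASIA` followed by 16 uppercase alphanumerics) is the documented one; the Snowflake account-URL and generic `key=value` patterns are heuristics assumed here, and the sample records are constructed (the AWS key shown is Amazon's published example key, not a live credential).

```python
import re
from typing import Dict, Iterable, List

# Detection patterns. The AWS access key ID format is well documented; the
# Snowflake account-URL and generic secret-assignment patterns are assumptions
# made for this example, not a published format, and will produce some noise.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "snowflake_account_url": re.compile(r"\b[a-z0-9\-]+\.snowflakecomputing\.com\b", re.IGNORECASE),
    "generic_secret_assignment": re.compile(
        r"(?i)\b(?:password|passwd|secret|token|api[_-]?key)\s*[:=]\s*\S{8,}"
    ),
}

# Constructed sample records shaped like a Salesforce Case export (not real data).
SAMPLE_RECORDS: List[Dict[str, str]] = [
    {"Id": "500000000000001", "Subject": "Login issue",
     "Description": "User cannot log in since Monday."},
    {"Id": "500000000000002", "Subject": "Integration setup",
     "Description": "Here is our key: AKIAIOSFODNN7EXAMPLE and "
                    "secret=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"},
    {"Id": "500000000000003", "Subject": "Snowflake access",
     "Description": "warehouse at acme-prod.snowflakecomputing.com, "
                    "token: sf_tok_0123456789abcdef"},
]


def redact(value: str) -> str:
    """Keep only a short prefix so findings can be triaged without re-exposing the secret."""
    return value[:4] + "..." if len(value) > 4 else value


def scan_record(record: Dict[str, str]) -> List[Dict[str, str]]:
    """Return one finding per pattern match across all string fields of a record."""
    findings = []
    for field, value in record.items():
        if not isinstance(value, str):
            continue
        for kind, pattern in PATTERNS.items():
            for match in pattern.finditer(value):
                findings.append({
                    "record_id": record.get("Id", ""),
                    "field": field,
                    "type": kind,
                    "match": redact(match.group(0)),
                })
    return findings


def scan_export(records: Iterable[Dict[str, str]]) -> List[Dict[str, str]]:
    """Scan a whole export and flatten the findings."""
    return [f for record in records for f in scan_record(record)]


def summarize(findings: List[Dict[str, str]]) -> Dict[str, int]:
    """Count findings by detection type, for a quick sense of what was exposed."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f["type"]] = counts.get(f["type"], 0) + 1
    return counts


def records_needing_rotation(findings: List[Dict[str, str]]) -> List[str]:
    """Sorted, de-duplicated IDs of records whose embedded secrets should be rotated."""
    return sorted({f["record_id"] for f in findings})


if __name__ == "__main__":
    results = scan_export(SAMPLE_RECORDS)
    for f in results:
        print(f"{f['record_id']} {f['field']:<12} {f['type']:<26} {f['match']}")
    print("summary:", summarize(results))
    print("rotate secrets found in records:", records_needing_rotation(results))
```

In practice the input would be the object export (or the audit-trail-derived list of records the connected app read) rather than an inline list, and the pattern set would be extended with whatever secret formats the organization actually stores; the point of the `records_needing_rotation` output is to turn a "data was read" notification into a concrete rotation list.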

Data-Driven Threat-Informed Defense

Meet Tidal Enterprise Edition

Quickly and easily develop custom threat profiles and defensive stacks, see your coverage and identify gaps and redundancies, and get daily recommendations to improve your cybersecurity posture.