Researchers at Mandiant (part of Google Cloud) warn that Russian government threat actors continue to target NATO member countries with spear phishing attacks. APT29 in particular has been targeting the technology sector in order to launch supply chain attacks.
“Publicly attributed to the Russian Foreign Intelligence Services (SVR) by several governments, APT29 is heavily focused on diplomatic and political intelligence collection, principally targeting Europe and NATO member states,” the researchers write.
“APT29 has been involved in multiple high-profile breaches of technology firms that were designed to provide access to the public sector. In the past year, Mandiant has observed APT29 targeting technology companies and IT service providers in NATO member countries to facilitate third-party and software supply chain compromises of government and policy organizations. The actor is extremely adept in cloud environments and particularly focused on covering their tracks, making them hard to detect and track, and especially difficult to expel from compromised networks.”
The threat actor frequently launches targeted phishing attacks against NATO diplomatic entities.
“APT29 also has a long history of spear-phishing campaigns against NATO members with a focus on diplomatic entities,” Mandiant says. “The actor has successfully breached executive agencies across Europe and the U.S. on several occasions. We have also seen them actively targeting political parties in Germany as well as in the U.S. with the likely objective of collecting intelligence on future government policy.”
Mandiant also warns that a separate Russian threat actor dubbed “COLDRIVER” is conducting credential phishing campaigns against various individuals and organizations associated with NATO.
“COLDRIVER is a Russian cyber espionage actor that has been publicly linked to Russia's domestic intelligence agency, the Federal Security Service (FSB),” the researchers write.
“The actor regularly carries out credential phishing campaigns against high-profile individuals in non-governmental organizations (NGOs) as well as former intelligence and military officers. ... COLDRIVER primarily targets NATO countries and shifted in 2022 to include the Ukrainian Government and organizations supporting the war in Ukraine. March 2022 also marked the first time COLDRIVER campaigns targeted the military of multiple European countries as well as a NATO Centre of Excellence.”
Additionally, senior U.S. intelligence officials have disclosed that the Russian government is once again attempting to influence the outcome of the U.S. presidential election, this time focusing on the 2024 race. While not explicitly naming Trump, they indicated that Russia's current activities, including covert social media operations and online propaganda campaigns, mirror their tactics from the 2020 and 2016 election cycles. This revelation is part of a broader landscape of foreign influence operations targeting the United States.
These disclosures underscore the ongoing and diverse threats of foreign interference in American democratic processes and highlight the need for heightened vigilance to safeguard the integrity of the U.S. government.
Google Cloud has the story.