H-ISAC TLP White: CISA Releases Joint NCSC-FBI-NSA Cybersecurity Advisory on Russian SVR Activity

The United States Cybersecurity and Infrastructure Security Agency (CISA) has posted the Current Activity "Joint NCSC-CISA-FBI-NSA Cybersecurity Advisory on Russian SVR Activity".

CISA has joined with the United Kingdom's National Cyber Security Centre (NCSC), the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA), in releasing a Joint Cybersecurity Advisory on Russian Foreign Intelligence Service (SVR) tactics, techniques, and procedures. Further TTPs associated with SVR cyber actors provides additional details on SVR activity including exploitation activity following their initial compromise of SolarWinds Orion software supply chain.

CISA has also released Fact Sheet: Russian SVR Activities Related to SolarWinds Compromise that provides summaries of three key joint publications that focus on SVR activities related to the SolarWinds Orion supply chain compromise.

Health-ISAC strongly encourages users and administrators to review the joint advisory as well as the other two advisories summarized on the fact sheet for mitigation strategies to aid organizations in securing their networks against Russian SVR activity.