APT29 SVR Global Targeting

US/UK/EU joint advisory on SVR APT29 exploitation of five publicly known vulnerabilities for initial access against government and private sector targets.

Start date: 1 May 2021
End date:
Techniques: 19

Attributed actors

Techniques (19)

collection (1)
T1114.002 Remote Email Collection

command-and-control (4)
T1573.002 Asymmetric Cryptography
T1105 Ingress Tool Transfer
T1071.001 Web Protocols
T1090.003 Multi-hop Proxy

credential-access (1)
T1003.001 LSASS Memory

defense-impairment (1)
T1070.001 Clear Windows Event Logs

discovery (2)
T1082 System Information Discovery
T1083 File and Directory Discovery

execution (1)
T1059.001 PowerShell

exfiltration (1)
T1041 Exfiltration Over C2 Channel

initial-access (4)
T1078 Valid Accounts
T1133 External Remote Services
T1566.001 Spearphishing Attachment
T1190 Exploit Public-Facing Application

lateral-movement (3)
T1021.001 Remote Desktop Protocol
T1550.002 Pass the Hash
T1550.003 Pass the Ticket

persistence (2)
T1078 Valid Accounts
T1133 External Remote Services

privilege-escalation (1)
T1078 Valid Accounts

stealth (2)
T1078 Valid Accounts
T1027 Obfuscated Files or Information

Indicators of compromise

No IOCs linked to this campaign yet.