The SVR is Russia's civilian foreign intelligence agency and the successor to the KGB's First Chief Directorate. It primarily targets foreign government, diplomatic, think tank, healthcare, and energy organisations for intelligence purposes. It is technologically advanced and is developing the ability to act undetected against European countries, NATO member states and their neighbors.
In December 2020, a breach of the IT services company SolarWinds was discovered. SolarWinds has confirmed that 18,000 organizations around the world, including in the US government sector, are affected. The overall impact on the UK of the SVR's misuse of this software is small. Advice from the National Cyber Security Centre (NCSC) on how to protect against this threat is available.
The NCSC has assessed that Russian foreign intelligence agencies are likely responsible for the compromise of the SolarWinds Orion software and the subsequent targeting. Details of the framework used by the UK Government for all-source intelligence assessments, including its probabilistic criteria, are available.
The SVR's cyber actors are known and tracked in open source as APT29, Cozy Bear and The Dukes.
This incident is part of a wider pattern of SVR behaviour, which includes:

| Date | Target | Details |
|---|---|---|
| Ongoing since at least 2011 | MFA and MoD facilities in Europe and NATO member countries | The SVR uses access to government networks in Europe and NATO member countries to collect intelligence, including information on ongoing geopolitical issues. |
| Ongoing since at least 2015 | Research institutes and think tanks | The SVR targeted research institutes and think tanks for information gathering. |
| 2020 | SolarWinds | 18,000 organizations around the world, including in the US government sector, were affected by the SVR's compromise of SolarWinds Orion software. |
The British government has previously released details of other parts of the Russian intelligence service conducting cyber operations.
With the information released today, the UK Government has now made public the following parts of Russia's cyber program:
Cyber structure of Russian intelligence
| FSB - Federal Security Service | SVR - Foreign Intelligence Service | GRU - Military Intelligence |
|---|---|---|
| | Publicly known as APT29, Cozy Bear, The Dukes. | GRU 85th. Field post number 26165. Publicly known as APT28, Fancy Bear, and Strontium. |
| | | GRU GTsST. Field post number 74455. Publicly known as Sandworm. |
Russia: UK reveals Russia’s involvement in SolarWinds cyber breaches