Five Eyes top agencies issue warning that Russian hackers are targeting the cloud — and the human factor is once again to blame

UK NCSC and the FBI, NSA and CISA have issued a dire warning

The Five Eyes alliance, formed of intelligence agencies from the UK, US, Australia, Canada, and New Zealand, has issued a warning that Russian hacker groups are switching to cloud services as their target of choice.

The joint advisory states that instead of attempting to access on-prem infrastructure, threat actors are shifting their hunting grounds to cloud-based environments.

The access methods chosen by the hackers remain largely the same, with password spraying and brute force attacks accounting for many cloud breaches in recent years.
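Detection logic for the two access methods named above, as an added example that is not part of the advisory or this article; the log format, the thresholds and the sample events are all constructed for illustration:

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in log, one event per line: "timestamp ip user result".
# One source tries a single guess against six different accounts (spraying),
# another hammers one service account (brute force), and one login succeeds.
SAMPLE_LOG = """\
2024-02-26T08:00:01 203.0.113.5 alice FAIL
2024-02-26T08:00:03 203.0.113.5 bob FAIL
2024-02-26T08:00:05 203.0.113.5 carol FAIL
2024-02-26T08:00:07 203.0.113.5 dave FAIL
2024-02-26T08:00:09 203.0.113.5 erin FAIL
2024-02-26T08:00:11 203.0.113.5 frank FAIL
2024-02-26T08:05:00 192.0.2.10 alice OK
"""
SAMPLE_LOG += "".join(f"2024-02-26T08:01:{i:02d} 198.51.100.9 svc-backup FAIL\n"
                      for i in range(12))

def parse_log(text):
    """Parse the constructed format into (timestamp, ip, user, success) tuples."""
    events = []
    for line in text.splitlines():
        ts, ip, user, result = line.split()
        events.append((datetime.fromisoformat(ts), ip, user, result == "OK"))
    return events

def detect_auth_abuse(events, window=timedelta(minutes=30),
                      spray_min_users=5, spray_max_per_user=3,
                      brute_min_failures=10):
    """Bucket failed sign-ins into fixed time windows and look for two shapes:
    spraying    - one source tries a FEW guesses against MANY distinct accounts,
    brute force - MANY guesses against ONE account, from any source."""
    by_ip = defaultdict(lambda: defaultdict(int))   # (ip, bucket) -> user -> fails
    by_user = defaultdict(int)                        # (user, bucket) -> fails
    for ts, ip, user, ok in events:
        if ok:
            continue
        bucket = int(ts.timestamp() // window.total_seconds())
        by_ip[(ip, bucket)][user] += 1
        by_user[(user, bucket)] += 1
    spraying = defaultdict(set)
    for (ip, _), per_user in by_ip.items():
        # Spray signature: wide and shallow. Per-account failures stay below a
        # lockout threshold, so per-user alerting alone never fires on it.
        if len(per_user) >= spray_min_users and max(per_user.values()) <= spray_max_per_user:
            spraying[ip].update(per_user)
    brute_force = {u: n for (u, _), n in by_user.items() if n >= brute_min_failures}
    return {"spraying": {ip: sorted(us) for ip, us in spraying.items()},
            "brute_force": brute_force}
```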

A Russian storm is gathering in the cloud

The advisory states that threat actors have followed businesses as they moved their operations to the cloud. Therefore, “[threat actors] have to move beyond their traditional means of initial access, such as exploiting software vulnerabilities in an on-premises network, and instead target the cloud services themselves.”

Several federal agencies including the US Department of State were breached by Russian hacker group APT29 (Cozy Bear, Midnight Blizzard, The Dukes) as a result of the SolarWinds attack three years ago, in which compromised SolarWinds software was distributed in an automatic software update to around 18,000 customers.

One of the most lucrative forms of cloud access is dormant organization accounts that retain access privileges which were never revoked when an employee left the organization. The hackers can also exploit stolen access tokens to bypass credentials and multi-factor authentication (MFA), or hijack devices using password resets.

A particular trademark of Russian-backed hackers is the use of the MagicWeb malware once access is obtained. This malware allows them to disguise themselves as a legitimate user within the organization’s infrastructure.

The advisory also lists a number of mitigation and detection techniques:

Via BleepingComputer

Benedict has been writing about security issues for over 7 years, first focusing on geopolitics and international relations while at the University of Buckingham. During this time he studied BA Politics with Journalism, for which he received a second-class honours (upper division), then continuing his studies at a postgraduate level, achieving a distinction in MA Security, Intelligence and Diplomacy. Upon joining TechRadar Pro as a Staff Writer, Benedict transitioned his focus towards cybersecurity, exploring state-sponsored threat actors, malware, social engineering, and national security. Benedict is also an expert on B2B security products, including firewalls, antivirus, endpoint security, and password management.