SVR - Russian Foreign Intelligence Service

Actor Type: Nation State
Attributed to Nation: Russia
Associated Intrusion Sets: APT29, Midnight Blizzard, The Dukes, NOBELIUM, Cozy Bear

The SVR, Russia's civilian foreign intelligence service, is the successor to the KGB's First Chief Directorate.

CISA reports that the SVR has been operating as an APT group since at least 2008. The group was identified as responsible for the 2020 cyber attack against SolarWinds and has been linked to groups reported as APT29, Cozy Bear and The Dukes.

Targeting has included government, think-tanks, healthcare and the energy sector.

SVR - Russian Foreign Intelligence Service Threat Reports

Report

APT29 Uses WINELOADER to Target German Political Parties

This blog post by Mandiant describes activity by APT29, linked to Russia's SVR, which targeted German political parties with a new backdoor: ...

Report

Russian Foreign Intelligence Service (SVR) Exploiting JetBrains TeamCity CVE Globally

This Cybersecurity Advisory by CISA with US and international partners outlines activity which they link to APT29 (also known as The Dukes, Cozy ...

Report

Midnight Blizzard: Guidance for responders on nation-state attack

Following a compromise of Microsoft corporate systems by Midnight Blizzard which was detected on 12th January 2024, this blog post outlines ...

Report

SVR cyber actors adapt tactics for initial cloud access

This advisory from the UK's National Cyber Security Centre (NCSC) outlines tactics, techniques and procedures (TTPs) used by the cyber actors ...
