Hi All,
The UK National Cyber Security Centre (NCSC), the US National Security Agency (NSA), US Cybersecurity and Infrastructure Security Agency (CISA) and US Federal Bureau of Investigation (FBI) are releasing this joint advisory to provide details of tactics, techniques and procedures (TTPs) associated with APT28's exploitation of Cisco routers in 2021.
As of 2021, APT28 has been observed using commercially available code repositories, and post-exploit frameworks such as Empire. This included the use of Powershell Empire, in addition to Python versions of Empire.
------------------------------
Michael Roza CPA, CISA, CIA, CC, MBA, Exec MBA
------------------------------