Apparently even one of the foremost intelligence agencies in the world is susceptible to the traditional breach vector: a connected party that was compromised, leading to the exfiltration of 7.5TB of extremely sensitive data.
The FSB hack is interesting to me for two reasons: the data on projects that was removed (sovereign Russian internet, social media scraping, email interception and, more interestingly, Tor network compromise research by means of Russian-controlled exit nodes, although there is perhaps nothing very surprising in there); and the fact that, for all the protection FSB resources are under, they were still accessed by means of a less-well-protected but connected entity, SyTech.ru (which is still down as of the time of writing).
The route in was: Compromised Account --> Login --> Privilege Escalation --> Lateral Movement to Email Server --> Lateral Movement to JIRA Server --> File Access (plus peripheral website defacement).
It's one of the most common reasons for breaches of large networks, and we see it in a high number of headline breach reports. This time it's against a nation-state, which we typically assume is, if not impervious to such things, at least less likely to be a victim. Until all organisations are serious about network segregation, we can add this to the ever-expanding list of lateral-movement compromises.
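As an added example (not code from the original post or from any party to the incident), the detection a defender would want for the route described above: one account authenticating into several distinct network segments (endpoint, email, JIRA, file storage) inside a short window, which is exactly the hop chain that segregation is meant to prevent. The host names, segment labels and timestamps are constructed sample data, and the segment-per-host mapping is assumed to come from an asset inventory.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample authentication events (not from the incident):
# (account, host, network segment the host belongs to, ISO timestamp)
SAMPLE_EVENTS = [
    ("svc-backup", "workstation-07", "endpoint", "2019-07-13T09:02:00"),
    ("svc-backup", "mail-01", "email", "2019-07-13T09:20:00"),
    ("svc-backup", "jira-01", "jira", "2019-07-13T09:41:00"),
    ("svc-backup", "fileshare-02", "files", "2019-07-13T10:05:00"),
    ("alice", "workstation-03", "endpoint", "2019-07-13T08:55:00"),
    ("alice", "mail-01", "email", "2019-07-13T09:10:00"),
]


def find_segment_hopping(events, window_minutes=120, min_segments=3):
    """Return {account: [(host, segment), ...]} for every account whose
    authentications reach at least `min_segments` distinct network segments
    within any `window_minutes` window. An ordinary user touching an endpoint
    and a mailbox is normal; one credential walking endpoint -> email ->
    ticketing -> files in quick succession is the lateral-movement pattern."""
    by_account = defaultdict(list)
    for account, host, segment, ts in events:
        by_account[account].append((datetime.fromisoformat(ts), host, segment))
    window = timedelta(minutes=window_minutes)
    hits = {}
    for account, rows in by_account.items():
        rows.sort()  # chronological order per account
        for i, (start, _, _) in enumerate(rows):
            path, segments = [], set()
            for t, host, segment in rows[i:]:
                if t - start > window:
                    break
                if host not in (h for h, _ in path):
                    path.append((host, segment))
                    segments.add(segment)
            if len(segments) >= min_segments:
                hits[account] = path
                break  # the first window that trips the rule is enough
    return hits


if __name__ == "__main__":
    for account, path in find_segment_hopping(SAMPLE_EVENTS).items():
        print(account, " --> ".join(f"{h} [{s}]" for h, s in path))
```

Tuning `window_minutes` and `min_segments` to the environment matters: a backup or monitoring account that legitimately spans segments needs its own allow-list rather than a looser global threshold.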
Hackers Stole 7.5TB Of Secret Data From Russia’s Intelligence Agency