Russian Foreign Intelligence Service (SVR) Cyber Operations: Trends and Best Practices for Network Defenders [open pdf - 1MB]
From the Summary: "The Federal Bureau of Investigation (FBI) and US Department of Homeland Security (DHS) assess Russian Foreign Intelligence Service (SVR) cyber actors--also known as Advanced Persistent Threat 29 (APT 29), the Dukes, CozyBear, and Yttrium--will continue to seek intelligence from US and foreign entities through cyber exploitation, using a range of initial exploitation techniques that vary in sophistication, coupled with stealthy intrusion tradecraft within compromised networks. The SVR primarily targets government networks, think tank and policy analysis organizations, and information technology companies. On 15 April 2021, the White House released a statement on the recent SolarWinds compromise, attributing the activity to the SVR."
U.S. Department of Homeland Security, Cybersecurity and Infrastructure Security Agency: https://us-cert.cisa.gov/