|
gptkbp:instanceOf
|
cybercrime
|
|
gptkbp:activeYearsStart
|
2008
|
|
gptkbp:alsoKnownAs
|
gptkb:Cozy_Bear
gptkb:The_Dukes
|
|
gptkbp:attributedTo
|
gptkb:UK_National_Cyber_Security_Centre
gptkb:National_Security_Agency
gptkb:United_States_government
gptkb:Cybersecurity_and_Infrastructure_Security_Agency
gptkb:United_Kingdom_government
private cybersecurity firms
|
|
gptkbp:connectsTo
|
gptkb:SVR
gptkb:Russian_Foreign_Intelligence_Service
|
|
gptkbp:countryOfOrigin
|
gptkb:Russia
|
|
https://www.w3.org/2000/01/rdf-schema#label
|
APT29
|
|
gptkbp:motive
|
gptkb:intelligence_gathering
espionage
political influence
|
|
gptkbp:notableBattle
|
gptkb:2016_Democratic_National_Committee_cyber_attacks
gptkb:SolarWinds_supply_chain_attack
|
|
gptkbp:notableEvent
|
gptkb:German_parliament_hack
gptkb:SolarWinds_Orion_compromise
COVID-19 vaccine research targeting
European government targeting
Microsoft email system compromise
NATO targeting
UK government targeting
US government agency breaches
US think tank targeting
|
|
gptkbp:notableFor
|
2014
2015
2016
2018
2019
2020
2021
2022
2023
|
|
gptkbp:target
|
gptkb:energy
healthcare organizations
think tanks
government organizations
diplomatic entities
|
|
gptkbp:technique
|
data exfiltration
credential harvesting
custom malware
living off the land
spear phishing
supply chain attacks
lateral movement
|
|
gptkbp:usesMalware
|
gptkb:SeaDuke
gptkb:GoldFinger
gptkb:CloudDuke
gptkb:CosmicDuke
gptkb:CozyDuke
gptkb:GoldMax
gptkb:MiniDuke
gptkb:SUNBURST
gptkb:TrailBlazer
gptkb:WellMail
gptkb:WellMess
GoldFinder
|
|
gptkbp:bfsParent
|
gptkb:Cozy_Bear
gptkb:APT
gptkb:Russian_hackers
|
|
gptkbp:bfsLayer
|
6
|