APT29

GPTKB entity

Statements (65)
| Predicate | Object |
|---|---|
| gptkbp:instanceOf | cybercrime |
| gptkbp:activeYearsStart | 2008 |
| gptkbp:alsoKnownAs | gptkb:Cozy_Bear |
| | gptkb:The_Dukes |
| gptkbp:attributedTo | gptkb:UK_National_Cyber_Security_Centre |
| | gptkb:National_Security_Agency |
| | gptkb:United_States_government |
| | gptkb:Cybersecurity_and_Infrastructure_Security_Agency |
| | gptkb:United_Kingdom_government |
| | private cybersecurity firms |
| gptkbp:connectsTo | gptkb:SVR |
| | gptkb:Russian_Foreign_Intelligence_Service |
| gptkbp:countryOfOrigin | gptkb:Russia |
| https://www.w3.org/2000/01/rdf-schema#label | APT29 |
| gptkbp:motive | gptkb:intelligence_gathering |
| | espionage |
| | political influence |
| gptkbp:notableBattle | gptkb:2016_Democratic_National_Committee_cyber_attacks |
| | gptkb:SolarWinds_supply_chain_attack |
| gptkbp:notableEvent | gptkb:German_parliament_hack |
| | gptkb:SolarWinds_Orion_compromise |
| | COVID-19 vaccine research targeting |
| | European government targeting |
| | Microsoft email system compromise |
| | NATO targeting |
| | UK government targeting |
| | US government agency breaches |
| | US think tank targeting |
| gptkbp:notableFor | 2014 |
| | 2015 |
| | 2016 |
| | 2018 |
| | 2019 |
| | 2020 |
| | 2021 |
| | 2022 |
| | 2023 |
| gptkbp:target | gptkb:energy |
| | healthcare organizations |
| | think tanks |
| | government organizations |
| | diplomatic entities |
| gptkbp:technique | data exfiltration |
| | credential harvesting |
| | custom malware |
| | living off the land |
| | spear phishing |
| | supply chain attacks |
| | lateral movement |
| gptkbp:usesMalware | gptkb:SeaDuke |
| | gptkb:GoldFinger |
| | gptkb:CloudDuke |
| | gptkb:CosmicDuke |
| | gptkb:CozyDuke |
| | gptkb:GoldMax |
| | gptkb:MiniDuke |
| | gptkb:SUNBURST |
| | gptkb:TrailBlazer |
| | gptkb:WellMail |
| | gptkb:WellMess |
| | GoldFinder |
| gptkbp:bfsParent | gptkb:Cozy_Bear |
| | gptkb:APT |
| | gptkb:Russian_hackers |
| gptkbp:bfsLayer | 6 |