|
gptkbp:instanceOf
|
cybercrime
|
|
gptkbp:activeYearsStart
|
2019
|
|
gptkbp:alsoKnownAs
|
gptkb:APT29
gptkb:Nobelium
|
|
gptkbp:associatedWith
|
gptkb:Russian_intelligence
|
|
gptkbp:attributedTo
|
high confidence to Russian state
|
|
gptkbp:countryOfOrigin
|
gptkb:Russia
|
|
gptkbp:discoveredBy
|
gptkb:Microsoft
gptkb:FireEye
|
|
gptkbp:enemyOf
|
malware deployment
spear phishing
supply chain attack
|
|
https://www.w3.org/2000/01/rdf-schema#label
|
UNC2452
|
|
gptkbp:impact
|
compromised thousands of organizations
global cyber espionage campaign
major US government breach
|
|
gptkbp:notableBattle
|
gptkb:SolarWinds_supply_chain_attack
|
|
gptkbp:notableFor
|
2020
|
|
gptkbp:notableVictim
|
gptkb:European_Union_institutions
gptkb:US_Department_of_Treasury
gptkb:Microsoft
gptkb:NATO
gptkb:US_Department_of_State
gptkb:FireEye
gptkb:US_Department_of_Homeland_Security
gptkb:SolarWinds
gptkb:US_Department_of_Energy
gptkb:US_Department_of_Commerce
|
|
gptkbp:publiclyExposed
|
December 2020
|
|
gptkbp:suspect
|
gptkb:Russian_Foreign_Intelligence_Service
|
|
gptkbp:tactics
|
data exfiltration
custom malware
living off the land
credential theft
lateral movement
|
|
gptkbp:target
|
gptkb:government_agency
gptkb:NGOs
technology companies
think tanks
|
|
gptkbp:usesMalware
|
gptkb:Sunburst
gptkb:Raindrop
gptkb:GoldMax
gptkb:Sibot
Teardrop
GoldFinder
|
|
gptkbp:bfsParent
|
gptkb:Operation:_Sunburst
|
|
gptkbp:bfsLayer
|
6
|