APT 29

| Field | Value |
|---|---|
| Group | APT29 |
| ATT&CK Group ID | G0016 |
| ATT&CK STIX ID | |
| Aliases | APT29, YTTRIUM, The Dukes, Cozy Bear, CozyDuke |
Description
APT29 is a threat group that has been attributed to the Russian government and has operated since at least 2008. This group reportedly compromised the Democratic National Committee starting in the summer of 2015.
APT29 is distinguished by its commitment to stealth and sophisticated implementations of techniques via an arsenal of custom malware. APT29 typically accomplishes its goals via custom compiled binaries and alternate execution methods such as PowerShell and WMI. APT29 has also been known to employ various operational cadences (smash-and-grab vs. slow-and-deliberate) depending on the perceived intelligence value and/or infection method of victims.