apt29
Latest
Microsoft says SolarWinds hackers may have breached 14 more companies
Nobelium attempted 23,000 attacks since July but had a low success rate, according to Microsoft.
Russian hackers breached a GOP contractor
A GOP contractor known as Synnex was breached over the weekend by Russian government-backed hackers.
Report: Russia 'likely' kept access to US networks after SolarWinds hack
Russian intelligence 'likely' still has access to US networks after the SolarWinds hack despite attempts to close vulnerabilities, according to sources.
US expels Russian diplomats in response to SolarWinds hack
The US has expelled Russian diplomats and imposed new sanctions in response to the SolarWinds hack and election interference.
SolarWinds hackers accessed some of the DOJ’s email accounts
The DOJ says approximately three percent of its Office 365 email accounts were accessed in connection to the SolarWinds hack.
Secretary of State says Russia is 'clearly' behind federal agency hacks (updated)
US Secretary of State Mike Pompeo has blamed Russia for a hacking campaign against federal agencies — the first in the administration to accuse Putin.
State-sponsored hackers have breached the US' nuclear weapons agency
Foreign hackers have breached the networks of the US Department of Energy and National Nuclear Security Administration.
Foreign state hackers reportedly breached the US Treasury (updated)
Hackers backed by a foreign government reportedly breached the US Treasury Department and NTIA, stealing info in the process.
NSA says Russian hackers are trying to steal COVID-19 vaccine research
The US, UK and Canada claim Cozy Bear has targeted health care organizations.
DNC claims Russians launched more phishing attacks after midterms
The New York Times cites court documents filed by the Democratic National Committee that said it believes a Russian group launched a hacking attempt against it after last year's midterm elections. The lawsuit alleges a conspiracy between President Trump's campaign, Russian intelligence and Wikileaks targeting Hillary Clinton's campaign in 2016. According to the NYT, the DNC said "dozens" of email addresses in its organization were targeted by spearphishing, while security firm FireEye linked them to a larger campaign that included thinktanks, public sector, law enforcement and more. While they said a Russian hacking outfit known was APT29, Cozy Bear or the Dukes is likely behind the attempt, it didn't offer a firm attribution -- and we know how tricky those can be. As far as the case itself, some defendants have tried to have it dismissed saying it's just cover for the DNC losing the 2016 election. While that continues to be decided, you probably have security issues of your own to keep an eye on.
Dutch intelligence had a front-row seat to Russian DNC hack
Of all the ways Russia attempted to exert influence over the outcome of the 2016 presidential election, the hacking of the Democratic National Committee (DNC) and party officials was arguably one of the most damaging blows to the Clinton campaign. And according to an investigation by Dutch media, the national intelligence agency of the Netherlands, AIVD, watched the whole thing play out. Anonymous American and Dutch sources tell the story of the AIVD infiltrating the computer network of a Moscow university building -- a network which just so happened to be used by Russian hacking group Cozy Bear, aka APT29.
Vermont power company finds malware linked to Russian hackers (updated)
Just a few days ago, the FBI and the Department of Homeland Security released a report detailing their assessment that Russian hackers were behind a series of attacks on US agencies and citizens. While the Obama administration issued sanctions, code linked to those hackers has been shared with other agencies, and on Friday, the Burlington Electric Department found malware with a matching signature on one of its laptops. The discovery raises more questions than it answers, but with recent reports of Russian hackers attacking the power grid in Ukraine, it obviously has raised alerts all over.
After the election, hackers target think tanks with phishing attacks
Now that the election is over, the Russian teams of hackers suspected of breaking into the Democratic Party's systems have reportedly launched a new phishing attack on US political think tanks and non-government organizations. Incident response firm Volexity has compiled information on "The Dukes" (aka APT29 or Cozy Bear) that it believes are behind the attacks. This time around, they worked by posing as a Harvard professor, sending links to Microsoft Office Word or Excel documents that contained a macro used to install a malware downloader on that target's computer. Once installed, it downloads a PNG file that has a backdoor embedded via steganography.
