Aliases: APT 29, APT29, Cozer, Cozy Bear, CozyBear, CozyCar, Cozy Duke, CozyDuke, Dukes, EuroAPT, Grizzly Steppe, Group 100, Hammer Toss, Iron Hemlock, Minidionis, NOBELIUM, Office Monkeys, OfficeMonkeys, SeaDuke, The Dukes, UNC2452, YTTRIUM
ATK7 (aka APT29, NOBELIUM, UNC2452) is an attacker group that has been active since at least 2008 and is believed to act on behalf of the Russian government. The group is composed of highly competent, well-organized members, which allows it to run complex and long-running campaigns. Its main goal is espionage and intelligence collection. The group therefore targets Western organizations, with a special focus on governmental bodies and think tanks. It has also occasionally expanded its reach to governments in the Middle East, Asia, Africa and elsewhere. To reach its goal, the group has used multiple families of malware.
The group aims to act fast, albeit in a noisy way: its campaigns are not designed to be discreet, but to reach a large number of victims, followed by deployment of a malware that quickly grabs and exfiltrates all potentially interesting information. Once a victim of interest has been identified, the group often switches to a different, stealthier malware designed for long-term persistence, in order to gather intelligence.
In recent years, the group has been leading these campaigns bi-annually.
The group is suspected to be responsible for the 2015 hack of multiple governmental institutions in the USA, including the White House, the Pentagon and the DoS.
The group is the threat actor behind the attacks against SolarWinds, the SUNBURST backdoor, the TEARDROP malware, and related components.
They ran an election fraud themed phishing campaign in mid-2021 which delivered a Cobalt Strike beacon.
In the same year, they were also observed targeting an Israeli and an Iranian embassy, as well as the Indian government, with malicious documents delivering multiple versions of the same Cobalt Strike beacon.
In 2022, European governments and several diplomatic institutions were targeted in the same way.