apt29
Microsoft says SolarWinds hackers may have breached 14 more companies
Nobelium attempted 23,000 attacks since July but had a low success rate, according to Microsoft.
Kris Holt, 10.25.2021

Russian hackers breached a GOP contractor
A GOP contractor known as Synnex was breached over the weekend by Russian government-backed hackers.
Saqib Shah, 07.07.2021

Report: Russia 'likely' kept access to US networks after SolarWinds hack
Russian intelligence 'likely' still has access to US networks after the SolarWinds hack despite attempts to close vulnerabilities, according to sources.
Jon Fingas, 04.25.2021

US expels Russian diplomats in response to SolarWinds hack
The US has expelled Russian diplomats and imposed new sanctions in response to the SolarWinds hack and election interference.
Jon Fingas, 04.15.2021

SolarWinds hackers accessed some of the DOJ's email accounts
The DOJ says approximately three percent of its Office 365 email accounts were accessed in connection to the SolarWinds hack.
Igor Bonifacic, 01.06.2021

Secretary of State says Russia is 'clearly' behind federal agency hacks (updated)
US Secretary of State Mike Pompeo has blamed Russia for a hacking campaign against federal agencies — the first in the administration to accuse Putin.
Jon Fingas, 12.19.2020

State-sponsored hackers have breached the US' nuclear weapons agency
Foreign hackers have breached the networks of the US Department of Energy and National Nuclear Security Administration.
Igor Bonifacic, 12.17.2020

Foreign state hackers reportedly breached the US Treasury (updated)
Hackers backed by a foreign government reportedly breached the US Treasury Department and NTIA, stealing info in the process.
Jon Fingas, 12.13.2020

NSA says Russian hackers are trying to steal COVID-19 vaccine research
The US, UK and Canada claim Cozy Bear has targeted health care organizations.
Kris Holt, 07.16.2020

DNC claims Russians launched more phishing attacks after midterms
The New York Times cites court documents filed by the Democratic National Committee that say it believes a Russian group launched a hacking attempt against it after last year's midterm elections. The lawsuit alleges a conspiracy between President Trump's campaign, Russian intelligence and Wikileaks targeting Hillary Clinton's campaign in 2016. According to the NYT, the DNC said "dozens" of email addresses in its organization were targeted by spearphishing, while security firm FireEye linked them to a larger campaign that included think tanks, the public sector, law enforcement and more. While they said a Russian hacking outfit known as APT29, Cozy Bear or the Dukes is likely behind the attempt, they didn't offer a firm attribution -- and we know how tricky those can be. As for the case itself, some defendants have tried to have it dismissed, saying it's just cover for the DNC losing the 2016 election. While that continues to be decided, you probably have security issues of your own to keep an eye on.
Richard Lawler, 01.18.2019

Dutch intelligence had a front-row seat to Russian DNC hack
Of all the ways Russia attempted to exert influence over the outcome of the 2016 presidential election, the hacking of the Democratic National Committee (DNC) and party officials was arguably one of the most damaging blows to the Clinton campaign. And according to an investigation by Dutch media, the national intelligence agency of the Netherlands, AIVD, watched the whole thing play out. Anonymous American and Dutch sources tell the story of the AIVD infiltrating the computer network of a Moscow university building -- a network which just so happened to be used by Russian hacking group Cozy Bear, aka APT29.
Jamie Rigg, 01.26.2018

Vermont power company finds malware linked to Russian hackers (updated)
Just a few days ago, the FBI and the Department of Homeland Security released a report detailing their assessment that Russian hackers were behind a series of attacks on US agencies and citizens. While the Obama administration issued sanctions, code linked to those hackers has been shared with other agencies, and on Friday, the Burlington Electric Department found malware with a matching signature on one of its laptops. The discovery raises more questions than it answers, but with recent reports of Russian hackers attacking the power grid in Ukraine, it obviously has raised alerts all over.
Richard Lawler, 12.31.2016

After the election, hackers target think tanks with phishing attacks
Now that the election is over, the Russian teams of hackers suspected of breaking into the Democratic Party's systems have reportedly launched a new phishing attack on US political think tanks and non-government organizations. Incident response firm Volexity has compiled information on "The Dukes" (aka APT29 or Cozy Bear) that it believes are behind the attacks. This time around, they worked by posing as a Harvard professor, sending links to Microsoft Office Word or Excel documents that contained a macro used to install a malware downloader on that target's computer. Once installed, it downloads a PNG file that has a backdoor embedded via steganography.
Richard Lawler, 11.11.2016