Cozy Bear
Cozy Bear, also known as CozyDuke or APT29, is a Russian hacker group believed to be associated with Russian intelligence. Cybersecurity firm CrowdStrike has suggested that it may be associated with the Russian FSB.[1] The group is considered an advanced persistent threat.
Cozy Bear is suspected of being behind the 'HAMMERTOSS' remote access tool, which uses commonly visited websites like Twitter and GitHub to relay command data.[2]
In August 2015, Cozy Bear was linked to a spear-phishing cyber-attack against the Pentagon email system, which caused the shutdown of the entire Joint Staff unclassified email system and Internet access during the investigation.[3][4]
In June 2016, Cozy Bear was implicated alongside the hacker group Fancy Bear in the Democratic National Committee cyber attacks.[1]
See also
- Fancy Bear (also known as APT28)
References
- Alperovitch, Dmitri. "Bears in the Midst: Intrusion into the Democratic National Committee". CrowdStrike Blog. Retrieved 27 September 2016.
- "HAMMERTOSS: Stealthy Tactics Define a Russian Cyber Threat Group". FireEye. 9 July 2015. Retrieved 7 August 2015.
- Kube, Courtney (7 August 2015). "Russia hacks Pentagon computers: NBC, citing sources". Retrieved 7 August 2015.
- Starr, Barbara (7 August 2015). "Official: Russia suspected in Joint Chiefs email server intrusion". Retrieved 7 August 2015.