Security experts revealed that the Russian-based hacking group “Cozy Bear”, the group behind the 2016 U.S. Presidential election hack, has been working under the radar to attack the Foreign Ministries in Europe.
Cozy Bear, also known as APT29, is believed to be linked to the Russian intelligence service and Russian military hacking group Fancy Bear, which was involved in high profile attacks between 2014 and 2017.
According to cybersecurity analysts from IT security firm ESET, the hacking group, which ESET refer to as Dukes, have continued their campaign “Operation Ghost” from 2013 to 2019.
The researchers stated the group continued their malicious activities while staying under the radar. Cozy Bear recently targeted ministries of foreign affairs of three different countries in Europe, as well as the U.S. embassy of a European Union country in Washington DC.
“The Dukes (aka APT29 and Cozy Bear) have been in the spotlight after their suspected involvement in the breach of the Democratic National Committee in the run-up to the 2016 U.S. elections. Since then, except for a one-off, suspected comeback on November 2018, with a phishing campaign targeting several US-based organizations, no activity has been confidently attributed to the Dukes. This left us thinking that the group had stopped its activities,” ESET said in a statement.
“This held true until recent months when we uncovered three new malware families that we attribute to the Dukes – PolyglotDuke, RegDuke, and FatDuke. These new implants were used until very recently, with the latest observed sample being deployed in June 2019. This means the Dukes have been quite active since 2016, developing new implants and compromising high-value targets. We call these newly uncovered Dukes activities, collectively, Operation Ghost,” the statement added.
Attackers from Russia were involved in a series of espionage activities across various sectors over the years. A recent threat report from cybersecurity firm CrowdStrike revealed that hackers tied to Russian intelligence agencies are eight times faster than North Koreans, Chinese, and Iranians in hacking.
In its report titled Global Threat Report 2019: Adversary Tradecraft and the Importance of Speed, CrowdStrike stated the Russians are the most sophisticated among the many nation-state adversaries that are regularly hacking government and private computers in the United States.
