APT29

Pierluigi Paganini August 30, 2024
Russia-linked APT29 reused iOS and Chrome exploits previously developed by NSO Group and Intellexa

Russia-linked APT29 group was spotted reusing iOS and Chrome exploits previously developed by surveillance firms NSO Group and Intellexa. Google TAG (Threat Analysis Group) researchers observed the Russia-linked group APT29 (aka SVR group, BlueBravo, Cozy Bear, Nobelium, Midnight Blizzard, and The Dukes). using exploits previously used by surveillance software vendors NSO Group and Intellexa. The circumstance suggests that the nation-state actors […]

Pierluigi Paganini June 30, 2024
Russia-linked group APT29 likely breached TeamViewer’s corporate network

Russia-linked APT group, reportedly APT29, is suspected to be behind a hack of TeamViewer ‘s corporate network. TeamViewer discovered that a threat actor has breached its corporate network and some reports attribute the intrusion to the Russia-linked APT group APT29 (aka SVR group, BlueBravo, Cozy Bear, Nobelium, Midnight Blizzard, and The Dukes). The unauthorized access to the IT infrastructure of the […]

Pierluigi Paganini March 23, 2024
Russia-linked APT29 targeted German political parties with WINELOADER backdoor

Russia-linked threat actors employ the WINELOADER backdoor in recent attacks targeting German political parties. In late February, Mandiant researchers spotted the Russia-linked group APT29 using a new variant of the WINELOADER backdoor to target German political parties with a CDU-themed lure.   This is the first time Mandiant observed the APT29 subcluster targeting political parties, suggesting […]

Pierluigi Paganini February 27, 2024
Russia-linked APT29 switched to targeting cloud services

Russia-linked APT29 threat actors have switched to targeting cloud services, according to a joint alert issued by the Five Eyes cybersecurity agencies. A joint advisory issued by cybersecurity agencies of Five Eyes (US, UK, Australia, Canada and New Zealand) warns that Russia-linked APT29 threat actors (aka SVR group, Cozy Bear, Nobelium, BlueBravo, Midnight Blizzard, and The Dukes) have switched to targeting […]

Pierluigi Paganini December 14, 2023
Russia-linked APT29 spotted targeting JetBrains TeamCity servers

Russia-linked cyber espionage group APT29 has been targeting JetBrains TeamCity servers since September 2023. Experts warn that the Russia-linked APT29 group has been observed targeting JetBrains TeamCity servers to gain initial access to the targets’ networks. The APT29 group (aka SVR group, Cozy Bear, Nobelium, BlueBravo, Midnight Blizzard, and The Dukes) exploited the flaw CVE-2023-42793 in TeamCity to carry out […]

Pierluigi Paganini November 20, 2023
Russia-linked APT29 group exploited WinRAR 0day in attacks against embassies

Russia-linked cyberespionage group APT29 has been observed leveraging the CVE-2023-38831 vulnerability in WinRAR in recent attacks. The Ukrainian National Security and Defense Council (NDSC) reported that APT29 (aka SVR group, Cozy Bear, Nobelium, Midnight Blizzard, and The Dukes) has been exploiting the CVE-2023-38831 vulnerability in WinRAR in recent attacks. APT29 along with APT28 cyber espionage group was involved in the Democratic National Committee […]

Pierluigi Paganini August 17, 2023
APT29 is targeting Ministries of Foreign Affairs of NATO-aligned countries

Russia-linked APT29 used the Zulip Chat App in attacks aimed at ministries of foreign affairs of NATO-aligned countries EclecticIQ researchers uncovered an ongoing spear-phishing campaign conducted by Russia-linked threat actors targeting Ministries of Foreign Affairs of NATO-aligned countries. The experts detected two PDF files masqueraded as coming from the German embassy and that contained two […]

Pierluigi Paganini August 03, 2023
Russian APT29 conducts phishing attacks through Microsoft Teams

Russia-linked APT29 group targeted dozens of organizations and government agencies worldwide with Microsoft Teams phishing attacks. Microsoft Threat Intelligence reported that Russia-linked cyberespionage group APT29  (aka SVR group, Cozy Bear, Nobelium, Midnight Blizzard, and The Dukes) carried out Microsoft Teams phishing attacks aimed at dozens of organizations and government agencies worldwide. APT29 along with APT28 cyber espionage group was involved in […]

Pierluigi Paganini April 13, 2023
The Russia-linked APT29 is behind recent attacks targeting NATO and EU

Poland intelligence linked the Russian APT29 group to a series of attacks targeting NATO and European Union countries. Poland’s Military Counterintelligence Service and its Computer Emergency Response Team linked a recent string of attacks targeting NATO and European Union countries to the Russia-linked APT29 group (aka SVR group, Cozy Bear, Nobelium, and The Dukes). APT29 along with APT28 cyber espionage group […]

Pierluigi Paganini March 15, 2023
Russia-linked APT29 abuses EU information exchange systems in recent attacks

Russia-linked APT29 group abused the legitimate information exchange systems used by European countries to target government entities. Russia-linked APT29 (aka SVR group, Cozy Bear, Nobelium, and The Dukes) was spotted abusing the legitimate information exchange systems used by European countries in attacks aimed at governments. In early March, BlackBerry researchers uncovered a new cyber espionage campaign aimed at EU […]