APT 29/The Dukes back in business | SC Media


The threat group APT 29 has apparently returned to action with ESET uncovering three new malware families it is attributing to the cybergang.


APT 29/The Dukes is best known as the primary suspect behind the Democratic National Committee breach in the run-up to the 2016 U.S. presidential election, but the group had remained largely quiet since that attack.


“This left us thinking that the group had stopped its activities,” ESET reported.


This changed recently when APT 29/The Dukes, aka Cozy Bear, was tied to three new malware families, PolyglotDuke, RegDuke and FatDuke, used in campaigns that were last observed in June 2019. ESET collectively named The Dukes' activities, both past and present, Operation Ghost. ESET believes Operation Ghost has been running since 2013 while staying under the cybersecurity industry's radar.


Source: ESET

ESET made its attribution primarily by comparing the tactics, techniques and procedures (TTPs) of the new attacks with those of older campaigns known to have been launched by the group.


These similarities include the use of social media sites to host the ..
