Cozy Bear Emerges from Hibernation to Hack EU Ministries

The cyber-espionage group, linked to Russia and blamed for hacking the Democratic National Committee in 2016, has been using covert communications and other techniques to escape detection for at least two years.

Following its compromise of the network and servers of the Democratic National Committee (DNC) in 2016, the Russia-linked espionage group Cozy Bear, also known as APT29 and the Dukes, has focused on staying off the radar of intelligence services and security companies.


Yet the group has remained active, using covert communications — such as hiding information and commands in images, a technique known as steganography — to remain largely undetected. According to a report published today by security firm ESET, the group has compromised three European ministries of foreign affairs and the Washington, DC, embassy of an EU member. The report suggests that even after Cozy Bear was in the spotlight following the DNC breach, it recovered and rebuilt most of its tools and operations.


"Even if the group has managed to avoid public scrutiny for several years, they actually were very active compromising high-value targets and developing new tools," says Matthieu Faou, a malware researcher with ESET. "They have been operational for around 10 years, starting around 2008 [or] 2009. Since then, they have been active almost all the time."


As the United States starts another election cycle, this one promising to be even more chaotic than the last, signs of cyberattacks have garnered increasing attention. Cozy Bear has typically targeted Western countries or nations that had been part of the former USSR.


"Besides governments, the group also has targeted various organizations linked to NATO, think tanks, and political parties," ESET stated ..
