APT29, YTTRIUM, CozyCar, CozyDuke, The Dukes, IRON HEMLOCK
Cozy Bear is an adversary of Russian-origin, assessed as likely to be acting on behalf of the Foreign Intelligence Service of the Russian Federation. This adversary has leveraged large-volume spear phishing campaigns to deliver an extensive range of malware types as part of an effort to entities across a variety of sectors likely aligning to enduring collection requirements of multiple Russian operational directorates assessed. A distinct characteristic of the adversary’s modus operandi is the persistence and focus on specific targets, typically manifested through repeated attempts to re-acquire and establish access to networks where they have previously lost operational control.
- Industrials and Engineering
- NGOs and Nonprofits
- Oil and Gas
Crowdstrike Cozy Bear
I have read and accept the terms and conditions