APT29 Unleashes New Tools Against Ministries of Foreign Affairs

15 - 22 October 2019

Russian cyber espionage group APT29 is using new intrusion tools against Ministries of Foreign Affairs in Europe.

APT29 (aka Dukes and Cozy Bear), the sophisticated Russian cyber espionage group, has continued to be active despite widespread media coverage about the group’s involvement in the 2016 Democratic National Committee (DNC) email leak. In a recent campaign dubbed Operation Ghost, APT29 has targeted Ministries of Foreign Affairs in Europe and the US embassy of a European Union country in Washington DC. Using new intrusion tools such as PolyglotDuke (first-stage loader), RegDuke (first-stage backdoor) and FatDuke (third-stage back door), the group can maintain persistence and steal login details to move laterally across compromised networks.


Operation Ghost the Dukes Aren’t Back —They Never Left (PDF)

More Weekly Cyber Newsanalysis and insights

Ensign Consulting

Enhancing your security posture, developing your cyber strategy, and designing your incident response plans.​

Ensign Systems Integration

Architecting and implementing cybersecurity solutions that bolster defences

Ensign Managed Security Services

Managing your security operations for advanced threat detection, continuous monitoring, and triage services

Ensign Labs

Performing deep research to analyse vulnerabilities, deploy advanced threat hunting and provide cyber threat intelligence