APT29 Unleashes New Tools Against Ministries of Foreign Affairs
APT29 (aka the Dukes and Cozy Bear), the sophisticated Russian cyber espionage group, has continued to be active despite widespread media coverage of the group’s involvement in the 2016 Democratic National Committee (DNC) email leak. In a recent campaign dubbed Operation Ghost, APT29 has targeted Ministries of Foreign Affairs in Europe and the US embassy of a European Union country in Washington DC. Using new intrusion tools such as PolyglotDuke (first-stage loader), RegDuke (first-stage backdoor) and FatDuke (third-stage backdoor), the group can maintain persistence and steal login details to move laterally across compromised networks.
References: Operation Ghost: The Dukes Aren’t Back — They Never Left (PDF)