APT29: A Russian Hacker Group
This threat actor came to prominence in 2014. It is believed to have organized a series of precisely targeted cyber attacks on the national data of the U.S. government on December 20, 2020, carried out under the direction of Russia. Its general characteristics are:
- It targets high-profile victims and sensitive data.
- It has advanced cryptographic and anti-detection capabilities.
- Its tooling shares structural and functional similarities with early MiniDuke, CosmicDuke, and OnionDuke.
- It can use a backdoor and a dropper to exfiltrate data to a command-and-control (C2) server. Its spyware and droppers generally share similar characteristics and can be modified as needed.
- It also uses spear phishing, emailing the victim links to a hacked website. The linked files carry malware and are presented as links to a genuine website to prompt the user to click on them.
- It can also email phony Flash videos such as Office Monkeys LOL Video.zip. These pose as innocent funny videos but carry malware or spyware, and they can spread quickly through an office, silently infecting every system and its files.
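The zipped "video" lure described above is detectable at the mail gateway before anyone clicks it: an archive entry that looks like a Flash or video file but ends in an executable extension, or that carries a Windows PE header under a harmless-looking name, is a strong signal. The following is an added example written for this page, not code from the original text or from any vendor; the extension lists and the sample archive (built in memory with a constructed "MZ" stub standing in for a real executable) are assumptions chosen for illustration.

```python
import io
import zipfile

# Extensions a lure borrows to look like a harmless video or Flash clip
# (assumption: illustrative list, not taken from the original page).
VIDEO_EXTS = {".flv", ".swf", ".mp4", ".avi", ".wmv", ".mov"}
# Extensions that run when double-clicked on a Windows host.
EXEC_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd",
             ".js", ".vbs", ".hta", ".lnk"}


def inspect_attachment(zip_bytes: bytes) -> list:
    """Return a list of {"name", "reasons"} dicts for suspicious archive entries.

    Three checks are applied to every file inside the zip:
      1. the final extension is executable;
      2. a double extension hides an executable behind a video name;
      3. the first two bytes are 'MZ' (PE header) while the extension is not
         executable, i.e. the content contradicts the name.
    Only two bytes of each entry are read, so a large or inflated archive
    does not get decompressed into memory.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename
            base = name.lower().rsplit("/", 1)[-1]      # strip any folder prefix
            exts = ["." + p for p in base.split(".")[1:]]  # all extensions, in order
            reasons = []

            if exts and exts[-1] in EXEC_EXTS:
                reasons.append(f"executable extension {exts[-1]}")

            if len(exts) >= 2 and exts[-2] in VIDEO_EXTS and exts[-1] in EXEC_EXTS:
                reasons.append(
                    f"video name masking executable ({exts[-2]}{exts[-1]})")

            with zf.open(info) as fh:
                head = fh.read(2)
            if head == b"MZ" and (not exts or exts[-1] not in EXEC_EXTS):
                reasons.append("PE (MZ) header under a non-executable extension")

            if reasons:
                findings.append({"name": name, "reasons": reasons})
    return findings


def build_sample_lure() -> bytes:
    """Construct a sample lure archive in memory (constructed test data).

    The 'MZ' stubs are placeholders for a PE file; no real executable is used.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Office Monkeys LOL Video.flv.exe", b"MZ" + b"\x00" * 64)
        zf.writestr("readme.txt", b"funny video, enjoy!")
        zf.writestr("clip.swf", b"MZ" + b"\x00" * 64)   # PE hidden under a Flash name
    return buf.getvalue()


if __name__ == "__main__":
    for hit in inspect_attachment(build_sample_lure()):
        print(hit["name"], "->", "; ".join(hit["reasons"]))
```

The content check (rule 3) is the one that matters most: renaming a PE to .swf defeats any extension-only filter, but the MZ bytes are still there. In a gateway this would run on every zip attachment and quarantine the message on any finding, logging the entry name and reasons so analysts can pivot on the lure filename.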