CozyDuke

  • First known sample

  • Discovery

  • Number of targets

  • Current status

  • Type

    Backdoor, Dropper
  • Targeted platforms

  • TOP targeted countries

    Germany, South Korea, USA, Ukraine, Uzbekistan
  • Connected attacks

  • The way of propagation

    Social engineering, Watering hole attacks
  • Purpose/Functions

  • Special features
    Extremely sensitive, high-profile victims and targets (targets in the U.S. are believed to include the White House and the State Department)
  • Targets

    Government entities, Commercial entities
  • Artefacts/Attribution
    Strong similarities in malicious functionality and code structure link the CozyDuke toolset to the MiniDuke, CosmicDuke and OnionDuke cyberespionage campaigns; according to a number of indicators, these operations are believed to be run by Russian-speaking authors.
  • Description

    An APT carrying out cyberespionage campaigns against government organizations and commercial entities in the US, Germany and South Korea. In 2014, targets included the White House and the US Department of State. Initial infection usually starts with a spear-phishing e-mail that either links to a compromised website or carries a fake Flash video; in both cases the lure delivers the dropper, which then installs the backdoor.
