CozyDuke

  • First known sample

    2014
  • Discovery

    2015
  • Number of targets

    1-100
  • Current status

    Active
  • Type

    Backdoor , Dropper
  • Targeted platforms

    Windows
  • TOP targeted countries

    Germany , South Korea , USA , Ukraine , Uzbekistan
  • Connected attacks

  • The way of propagation

    Social engineering , Watering hole attacks
  • Purpose/Functions

    Cyberespionage
  • Special features
    extremely sensitive high profile victims and targets (targets in the U.S. are believed to include the White House and the State Department)
  • Targets

    Government entities , Commercial entities
  • Artefacts/Attribution
    Strong malicious program functionality, as well as structural similarities match thу CozyDuke toolset with the MiniDuke, CosmicDuke and OnionDuke cyberespionage campaigns; operations that, according to a number of indicators, are believed to be managed by Russian-speaking authors.
  • Description

    An APT carrying out cyberespionage campaigns against government organizations and commercial entities in the US, Germany, and South Korea. In 2014, targets included the White House and the US Department of State. Initial infection often occurs by spear-phishing targets with e-mails containing a link to a hacked website or phony flash videos.

    Additional information