More about the CozyDuke group, its tactics, techniques, procedures and tools
Extremely sensitive, high-profile victims and targets (targets in the U.S. are believed to include the White House and the State Department)
Strong similarities in malicious program functionality and structure link the CozyDuke toolset to the MiniDuke, CosmicDuke and OnionDuke cyberespionage campaigns, operations that, according to a number of indicators, are believed to be managed by Russian-speaking authors.
An APT carrying out cyberespionage campaigns against government organizations and commercial entities in the US, Germany, and South Korea. In 2014, targets included the White House and the US Department of State. Initial infection often occurs by spear-phishing targets with e-mails containing a link to a hacked website or phony Flash videos.