A new report has found that Cozy Bear, one of the less visible Russian hacking groups accused of infiltrating the Democratic National Committee during the 2016 US election campaign, has become even more secretive.
The report, from cybersecurity firm ESET, shows that Cozy Bear changed its approach after 2016 while continuing to target the foreign ministries of at least three European countries and the US embassy in a European country.
Cozy Bear, also known as APT29 and The Dukes, has been linked to the Russian Federal Security Service and the Foreign Intelligence Service, while its sister group, the better-known Fancy Bear, is linked to the Main Directorate of the General Staff of the Armed Forces.
Russia runs these intrusion groups competitively: separate intelligence agencies are encouraged to breach the same targets.
Cozy Bear did not disappear entirely after 2016, but its attacks appear to have dropped off dramatically, with a handful of intrusions attributed to the group in 2017 against US think tanks, and in 2018 against elections around the world as well as defense contractors, the media and other sectors.
It kept up some activity
ESET found evidence that the group has kept up some of its activity since 2018 using four previously undetected malware strains; some of the group's malware dates back to 2013, while other strains are new since last year.
The new malware was found in organizations already known to have been compromised by Cozy Bear, appearing in their systems three months after those earlier intrusions.
ESET calls this campaign "Operation Ghost," and, as with Cozy Bear's previous malware, the new strains used publicly available Internet services such as Reddit, Twitter and OneDrive to communicate with and receive instructions from the operators running the campaign.
The group also hid the new malware inside image files to disguise its communications on the Web.