APT Profile – APT29
Stealth at Scale
- 23 February 2023
- Zettl-Schabath, Kerstin; Bund, Jakob; Gschwend, Timothy; Borrett, Camille
- EN
About APT29
APT29 is a state-integrated hacking group (foreign intelligence service/agency members):
The aforementioned industry and government sources characterise APT29 as a direct agent of the Russian state, operating as part of the foreign intelligence service SVR. Its operations are most often directed against Western societies labeled by the Russian government as “unfriendly states,” with targets based in the US, the UK, and across the EU. The group's technical sophistication and target selection (see below) are strong indicators of its state integration (in particular, integration into the intelligence services).
Associated APT designations
- CozyDuke (F-Secure)
- UNC2452/APT29 (FireEye/Mandiant)
- Cozy Bear (CrowdStrike)
- IRON HEMLOCK/IRON RITUAL (Secureworks)
- NOBELIUM (Microsoft)
- Dukes (Kaspersky/CrySyS Lab/Volexity/ESET)
- Cloaked Ursa (Palo Alto)
- Fritillary (Symantec)
- G0016 (MITRE ATT&CK)
Country of origin
Period of activity
Since at least 2008 to the present
Further industry reporting by SEKOIA.IO indicates the group may have started operations as early as 2004.