Examination of Phishing Campaign by APT29, aka “Cozy Bear”

Created: Tuesday, November 20, 2018 - 13:01
Categories: Cybersecurity

Cybersecurity firm FireEye reports it has detected intrusion attempts against multiple critical infrastructure sectors by the threat group it refers to as “APT29.” The latest campaign by the group involves a phishing email appearing to come from a public affairs official at the U.S. Department of State. The email includes zip files containing malicious Windows shortcuts that deliver a Cobalt Strike Beacon backdoor, which had been customized by the attacker to blend in with legitimate network traffic. FireEye’s posting includes numerous technical details that organizations can use to help defend their networks against this activity. FireEye suspects that APT29, which is also referred to as “Cozy Bear,” has links to the Russian government. FireEye.