The Dukes
  • Also known as APT 29, Cozy Bear, Dark Halo, Nobelium, and Cloaked Ursa. Estonian intelligence services associate this group with the Russian Federal Security Service (FSB) and Foreign Intelligence Service (SVR).
This threat actor targets government ministries and agencies in the West, Central Asia, East Africa, and the Middle East; Chechen extremist groups; Russian organized crime; and think tanks. It is suspected to be behind the 2015 compromise of unclassified networks at the White House, Department of State, Pentagon, and the Joint Chiefs of Staff. The threat actor's toolkit comprises all of the Dukes tool sets, including MiniDuke, CosmicDuke, OnionDuke, CozyDuke, SeaDuke, CloudDuke (aka MiniDionis), and HammerDuke (aka Hammertoss).
Suspected victims
  • United States
  • China
  • New Zealand
  • Ukraine
  • Romania
  • Georgia
  • Japan
  • South Korea
  • Belgium
  • Kazakhstan
  • Brazil
  • Mexico
  • Turkey
  • Portugal
  • India
Suspected state sponsor
  • Russian Federation
Type of incident
  • Espionage
Target category
  • Government
  • Private sector