12 Facts About Cozy Bear
Cozy Bear, classified by the United States federal government as advanced persistent threat APT29, is a Russian hacker group believed to be associated with one or more intelligence agencies of Russia.

FactSnippet No. 1,602,223

On 20 December 2020, it was reported that Cozy Bear was responsible for a cyber attack on US sovereign national data, believed to be at the direction of the Russian government.

FactSnippet No. 1,602,224

Symantec believes that Cozy Bear had been compromising diplomatic organizations and governments since at least 2010.

FactSnippet No. 1,602,225

The speed at which Cozy Bear develops and deploys its components is reminiscent of the toolset of Fancy Bear, which uses the tools CHOPSTICK and CORESHELL.

FactSnippet No. 1,602,226

Cozy Bear is suspected of being behind the 'HAMMERTOSS' remote access tool, which uses commonly visited websites such as Twitter and GitHub to relay command data.

FactSnippet No. 1,602,227

Cozy Bear appears to have different projects, with different user groups.

FactSnippet No. 1,602,228

Evidence suggests that Cozy Bear's targets have included commercial entities and government organizations in Germany, Uzbekistan, South Korea and the US, including the US State Department and the White House in 2014.

FactSnippet No. 1,602,229

Cozy Bear then ran an email campaign that tried to lure victims into clicking on a Flash video of office monkeys, which bundled malicious executables.

FactSnippet No. 1,602,230

In June 2016, Cozy Bear was implicated alongside the hacker group Fancy Bear in the Democratic National Committee cyber attacks.

FactSnippet No. 1,602,231

Suspicions that Cozy Bear had ceased operations were dispelled in 2019 by the discovery of three new malware families attributed to Cozy Bear: PolyglotDuke, RegDuke and FatDuke.

FactSnippet No. 1,602,232

In July 2020, Cozy Bear was accused by the NSA, the NCSC and the CSE of trying to steal data on vaccines and treatments for COVID-19 being developed in the UK, the US and Canada.

FactSnippet No. 1,602,233

In July 2021, Cozy Bear breached systems of the Republican National Committee.

FactSnippet No. 1,602,234