APT29, The Dukes, a term coined by security researchers at Kaspersky Labs, are a well-funded, highly resourceful and dedicated group of organized cyber-espionage hackers that have been linked to the Russian Federation dating back as far as 2008. Their primary mission traditionally has been to perform intelligence gathering in support of Russian foreign and security policies. The Dukes have access to a vast arsenal of malware toolsets, identified as OnionDuke, CosmicDuke, MiniDuke, GeminiDuke, HammerDuke, PinchDuke, SeaDuke and CloudDuke, to name a few.

The Dukes' main cyber weapon of choice is Onion Routing as implemented within the TOR network, chosen for its ability to obscure the identities behind the Dukes' malicious deeds. The Dukes have recently been engaged in cyber strikes composed mostly of large-scale spear-phishing campaigns against hundreds upon thousands of targets associated with government organizations and their affiliates. APT29 is probably best known for its involvement in several attacks against political think tanks in America, in addition to public-sector organizations, and for attacks against the Democratic National Committee last year. APT29 was also implicated in numerous attacks against the State Department, White House and Joint Chiefs of Staff, while CozyDuke was engaged in data-mining assaults against the Department of State and White House the year prior, in 2014.

The group is best known for exploiting vulnerabilities inherent within the Windows operating system, most pervasively components of the Windows Management Interface, among other techniques that took advantage of the “Sticky Keys” feature to help this APT operate under stealth. TOR played a critical role in obfuscating this APT's malicious deeds: combined with domain fronting, backend encryption and the use of reflection servers, APT29's actions culminated in a recipe for disaster.

APT29's Operation

As far back as 2015, APT29 used “domain fronting” as a process to secure access to backdoors installed on exploited targets. Domain fronting is the process of hiding the true nature of traffic from plain sight, in addition to obscuring the true identity of the endpoint connection. The Russian nation-state group combined the use of TOR's custom-built web browser with a specialized TOR plug-in that implements a domain front, making malicious traffic appear as if it were destined for legitimate websites, such as Google for instance.
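Domain fronting works because the TLS layer names the permitted front (the SNI) while the HTTP Host header inside the tunnel names the real destination, so where a TLS-inspecting proxy logs both fields a mismatch is the primary detection signal. The checker below is an added example, not code from the original post; the JSON log records and their field names are constructed assumptions, and the registrable-domain heuristic stands in for a proper public-suffix list.

```python
import json

# Constructed proxy log lines (not real telemetry); field names are an assumption.
SAMPLE_LOGS = """\
{"ts":"2017-03-27T10:01:02Z","src":"10.0.0.12","sni":"www.google.com","host":"www.google.com"}
{"ts":"2017-03-27T10:01:05Z","src":"10.0.0.12","sni":"www.google.com","host":"hidden-backend.example"}
{"ts":"2017-03-27T10:02:00Z","src":"10.0.0.40","sni":"cdn.example.net","host":"static.cdn.example.net"}
{"ts":"2017-03-27T10:03:11Z","src":"10.0.0.40","sni":"cdn.example.net","host":"c2-front.example.org"}
{"ts":"2017-03-27T10:04:30Z","src":"10.0.0.51","sni":"mail.example.com","host":null}
"""

def normalize_host(name):
    """Lower-case, drop trailing dot and explicit port; '' for a missing value."""
    if not name:
        return ""
    name = name.strip().lower().rstrip(".")
    if ":" in name and not name.startswith("["):  # "host:443", leave IPv6 literals alone
        name = name.split(":", 1)[0]
    return name

def registrable_part(name):
    """Crude 'last two labels' approximation of the registrable domain (assumption:
    no public-suffix list is available offline; ccTLDs like co.uk would need one)."""
    labels = name.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else name

def is_fronting_candidate(sni, host):
    """True when the Host header names a different registrable domain than the SNI.
    A subdomain of the SNI's domain (CDN edge vs origin) is treated as benign."""
    sni, host = normalize_host(sni), normalize_host(host)
    if not sni or not host:
        return False  # nothing to compare: no SNI, or the HTTP layer was not inspected
    return registrable_part(sni) != registrable_part(host)

def find_fronting(log_text):
    """Scan newline-delimited JSON records and return the mismatching ones."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        if is_fronting_candidate(rec.get("sni"), rec.get("host")):
            findings.append({k: rec[k] for k in ("ts", "src", "sni", "host")})
    return findings

if __name__ == "__main__":
    for hit in find_fronting(SAMPLE_LOGS):
        print(f"{hit['ts']} {hit['src']} SNI={hit['sni']} Host={hit['host']}")
```

Records without a Host field are skipped rather than flagged, since that usually means the proxy could not see inside the TLS session, which is itself worth a separate visibility alert.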