Cozy Bear

Cozy Bear, classified by the United States federal government as advanced persistent threat APT29, is a Russian hacker group believed to be associated with one or more intelligence agencies of Russia. The Dutch General Intelligence and Security Service (AIVD) deduced from security camera footage that it is led by the Russian Foreign Intelligence Service (SVR), a view shared by the United States. Cybersecurity firm CrowdStrike also previously suggested that it may be associated with either the Russian Federal Security Service (FSB) or SVR. The group has been given various nicknames by other cybersecurity firms, including CozyCar, CozyDuke (by F-Secure), Dark Halo, The Dukes (by Volexity), Midnight Blizzard (by Microsoft), NOBELIUM, Office Monkeys, StellarParticle, UNC2452, and YTTRIUM.

Cozy Bear
Formation: c. 2008
Type: Advanced persistent threat
Purpose: Cyberespionage, cyberwarfare
Region: Russia
Methods: Spearphishing, malware
Official language: Russian
Leader: Writase
Parent organization: either FSB or SVR
Affiliations: Fancy Bear
Formerly called: APT29, CozyCar, CozyDuke, Dark Halo, The Dukes, Grizzly Steppe (when combined with Fancy Bear), NOBELIUM, Office Monkeys, StellarParticle, UNC2452, YTTRIUM

On 20 December 2020, it was reported that Cozy Bear was responsible for a cyber attack on U.S. sovereign national data, believed to be at the direction of the Russian government.

This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.