039| Deconstructing the Dukes: A Researcher's Retrospective of APT29

APT29, aka Cozy Bear or the Dukes, is a cyber espionage group whose misdeeds include famously hacking into the DNC servers in the run-up to the 2016 US election. Now, as the subject of MITRE's latest ATT&CK Evaluation, the group is in focus again. The Dukes are familiar to F-Secure's Artturi Lehtio, who extensively researched them in 2015. But hindsight is 20/20, and Artturi joins the show to discuss how his views on the group have changed since his research.

Also in this episode: How APT groups behave after being burned and why the Dukes are different; why calling them a single organization is too strong; and why published APT research has generally dwindled in recent years.

Links:

Episode 39 transcript

The Dukes: 7 Years of Russian Cyberespionage - F-Secure whitepaper

MITRE ATT&CK Evaluation: APT29

Operation Ghost - ESET

No Easy Breach by Matthew Dunwoody & Nick Carr - DerbyCon 2016

Dukes activity after their "return" in 2016 - Volexity