Cozy Bear
Actor Type | Nation State |
---|---|
Attributed to Nation | Russia |
Directly Linked Intrusion Sets | APT29, Midnight Blizzard, The Dukes, NOBELIUM |
Associated Threat Actor | SVR - Russian Foreign Intelligence Service |
COZY BEAR is a Russian adversary tracked by CrowdStrike and linked to the SVR. COZY BEAR is one of the adversaries identified during the intrusion against the US Democratic National Committee in 2016.
Cozy Bear Threat Reports
Report
Midnight Blizzard: Guidance for responders on nation-state attack
Following a compromise of Microsoft corporate systems by Midnight Blizzard which was detected on 12th January 2024, this blog post outlines ...
Report
SVR cyber actors adapt tactics for initial cloud access
This advisory from the UK's National Cyber Security Centre (NCSC) outlines tactics, techniques and procedures (TTPs) used by the cyber actors ...
References
www.ncsc.gov.uk
https://www.ncsc.gov.uk/news/svr-cyber-actors-adapt-tactics-for-initial-cloud-access
www.crowdstrike.com
https://www.crowdstrike.com/blog/bears-midst-intrusion-democratic-national-committee/
www.microsoft.com
https://www.microsoft.com/en-us/security/blog/2024/01/25/midnight-blizzard-guidance-for-responders-on-nation-state-attack/
www.cisa.gov
https://www.cisa.gov/news-events/cybersecurity-advisories/aa22-110a
MITRE ATT&CK Techniques
MITRE ATT&CK techniques observed in use by this intrusion set.
ATT&CK ID | Title | Associated Tactics |
---|---|---|
T1114.002 | Remote Email Collection | Collection |
T1110.003 | Password Spraying | Credential Access |
T1090.002 | External Proxy | Command and Control |
T1098.005 | Device Registration | Persistence, Privilege Escalation |
T1110 | Brute Force | Credential Access |
T1621 | Multi-Factor Authentication Request Generation | Credential Access |
T1528 | Steal Application Access Token | Credential Access |
T1078.004 | Cloud Accounts | Defense Evasion, Initial Access, Persistence, Privilege Escalation |