The Dukes

Actor Type: Nation State
Attributed to Nation: Russia
Directly Linked Intrusion Sets: APT29, Cozy Bear, Midnight Blizzard, NOBELIUM
Associated Threat Actor: SVR - Russian Foreign Intelligence Service

F-Secure track the Dukes as a well-resourced, highly dedicated and organized cyberespionage group that they attribute to the Russian Federation. F-Secure report that the group has been active since at least 2008, collecting intelligence in support of foreign and security policy decision-making.

The Dukes are named after a collection of tools linked to the group such as 'MiniDuke', 'CozyDuke' and 'CosmicDuke'. MiniDuke was originally named by Kaspersky researchers.

The Dukes Threat Reports

Report

SVR cyber actors adapt tactics for initial cloud access

This advisory from the UK's National Cyber Security Centre (NCSC) outlines tactics, techniques and procedures (TTPs) used by the cyber actors ...

References

MITRE ATT&CK Techniques

MITRE ATT&CK techniques observed in use by this intrusion set.