The Dukes
Actor Type | Nation State |
---|---|
Attributed to Nation | Russia |
Directly Linked Intrusion Sets | APT29, Cozy Bear, Midnight Blizzard, NOBELIUM |
Associated Threat Actor | SVR (Russian Foreign Intelligence Service) |
F-Secure tracks the Dukes as a well-resourced, highly dedicated and organized cyberespionage group that it attributes to the Russian Federation. F-Secure reports that the group has been active since at least 2008, collecting intelligence in support of Russia's foreign and security policy decision-making.
The Dukes are named after the family of tools linked to the group, such as MiniDuke, CozyDuke and CosmicDuke. MiniDuke was originally named by Kaspersky researchers.
The Dukes Threat Reports
SVR cyber actors adapt tactics for initial cloud access
This advisory from the UK's National Cyber Security Centre (NCSC) outlines tactics, techniques and procedures (TTPs) used by the cyber actors ...
MITRE ATT&CK Techniques
MITRE ATT&CK techniques observed in use by this intrusion set.
ATT&CK ID | Title | Associated Tactics |
---|---|---|
T1090.002 | External Proxy | Command and Control |
T1098.005 | Device Registration | Persistence, Privilege Escalation |
T1110 | Brute Force | Credential Access |
T1621 | Multi-Factor Authentication Request Generation | Credential Access |
T1528 | Steal Application Access Token | Credential Access |
T1078.004 | Cloud Accounts | Defense Evasion, Initial Access, Persistence, Privilege Escalation |
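Three of the techniques in the table (T1110 Brute Force, T1621 MFA Request Generation and T1098.005 Device Registration) chain naturally in a cloud identity compromise: spray passwords across many accounts, push MFA prompts at a victim until one is approved, then enrol an attacker-controlled device so the access survives. The following is an added example, not code from the original page, from F-Secure or from the NCSC advisory: toy detection logic run over constructed sample sign-in events. The event field names, thresholds and windows are assumptions for illustration and do not match any vendor's log schema.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in events (not real telemetry). Field names are an
# assumption for this example and are not any vendor's log schema.
EVENTS = [
    # Password spray: one source IP, six accounts, one failed password each (T1110).
    {"ts": "2024-01-10T08:00:01", "user": "alice", "ip": "203.0.113.7", "result": "failure", "reason": "bad_password"},
    {"ts": "2024-01-10T08:00:04", "user": "bob", "ip": "203.0.113.7", "result": "failure", "reason": "bad_password"},
    {"ts": "2024-01-10T08:00:09", "user": "carol", "ip": "203.0.113.7", "result": "failure", "reason": "bad_password"},
    {"ts": "2024-01-10T08:00:15", "user": "dave", "ip": "203.0.113.7", "result": "failure", "reason": "bad_password"},
    {"ts": "2024-01-10T08:00:21", "user": "erin", "ip": "203.0.113.7", "result": "failure", "reason": "bad_password"},
    {"ts": "2024-01-10T08:00:27", "user": "frank", "ip": "203.0.113.7", "result": "failure", "reason": "bad_password"},
    # A legitimate user mistyping a password twice from a corporate address: must not fire.
    {"ts": "2024-01-10T08:05:00", "user": "grace", "ip": "192.0.2.10", "result": "failure", "reason": "bad_password"},
    {"ts": "2024-01-10T08:05:30", "user": "grace", "ip": "192.0.2.10", "result": "failure", "reason": "bad_password"},
    {"ts": "2024-01-10T08:06:00", "user": "grace", "ip": "192.0.2.10", "result": "success", "reason": "mfa_approved"},
    # MFA push bombing against carol: four denied prompts, then an approval (T1621).
    {"ts": "2024-01-10T09:10:00", "user": "carol", "ip": "198.51.100.9", "result": "failure", "reason": "mfa_denied"},
    {"ts": "2024-01-10T09:11:00", "user": "carol", "ip": "198.51.100.9", "result": "failure", "reason": "mfa_denied"},
    {"ts": "2024-01-10T09:12:00", "user": "carol", "ip": "198.51.100.9", "result": "failure", "reason": "mfa_denied"},
    {"ts": "2024-01-10T09:13:00", "user": "carol", "ip": "198.51.100.9", "result": "failure", "reason": "mfa_denied"},
    {"ts": "2024-01-10T09:14:30", "user": "carol", "ip": "198.51.100.9", "result": "success", "reason": "mfa_approved"},
    # New authenticator device enrolled minutes after that approval (T1098.005).
    {"ts": "2024-01-10T09:20:00", "user": "carol", "ip": "198.51.100.9", "result": "success", "reason": "device_registered"},
]


def _ts(event):
    return datetime.fromisoformat(event["ts"])


def detect_password_spray(events, min_users=5, window=timedelta(minutes=10)):
    """Return source IPs whose bad-password failures hit >= min_users distinct accounts inside one window."""
    by_ip = defaultdict(list)
    for e in events:
        if e["result"] == "failure" and e["reason"] == "bad_password":
            by_ip[e["ip"]].append(e)
    flagged = []
    for ip, fails in by_ip.items():
        fails.sort(key=_ts)
        for i, first in enumerate(fails):
            users = {f["user"] for f in fails[i:] if _ts(f) - _ts(first) <= window}
            if len(users) >= min_users:
                flagged.append(ip)
                break
    return flagged


def detect_mfa_fatigue(events, min_denials=3, window=timedelta(minutes=15)):
    """Return {user: approval_time} where >= min_denials MFA denials precede an approval inside the window."""
    hits = {}
    for e in events:
        if e["result"] == "success" and e["reason"] == "mfa_approved":
            t = _ts(e)
            denials = [d for d in events
                       if d["user"] == e["user"] and d["reason"] == "mfa_denied"
                       and timedelta(0) <= t - _ts(d) <= window]
            if len(denials) >= min_denials:
                hits[e["user"]] = t
    return hits


def detect_post_fatigue_registration(events, fatigue_hits, window=timedelta(hours=1)):
    """Return users who registered a device within the window after a flagged MFA-fatigue approval."""
    out = []
    for e in events:
        if e["reason"] == "device_registered" and e["user"] in fatigue_hits:
            if timedelta(0) <= _ts(e) - fatigue_hits[e["user"]] <= window:
                out.append(e["user"])
    return out


def run_detections(events=EVENTS):
    """Run the three detections in sequence so the later ones can consume the earlier results."""
    spray = detect_password_spray(events)
    fatigue = detect_mfa_fatigue(events)
    registrations = detect_post_fatigue_registration(events, fatigue)
    return {
        "password_spray_ips": spray,
        "mfa_fatigue_users": sorted(fatigue),
        "post_fatigue_registrations": registrations,
    }


if __name__ == "__main__":
    for name, value in run_detections().items():
        print(f"{name}: {value}")
```

The third detection deliberately takes the output of the second as input: a device registration on its own is routine, but one that lands minutes after an approval preceded by a string of denied prompts is the persistence step of the chain and deserves a higher severity than either signal alone. In production the thresholds would be tuned against the tenant's own baseline, and the spray detection would also key on the failure reason reported by the identity provider rather than a single string.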