039| Deconstructing the Dukes: A Researcher's Retrospective of APT29
Cyber Security Sauna · F-Secure
Audio is streamed directly from the publisher (traffic.libsyn.com) as published in their RSS feed. Play Podcasts does not host this file. Rights-holders can request removal through the copyright & takedown page.
Show Notes
APT29, aka Cozy Bear or the Dukes, is a cyber espionage group whose misdeeds include famously hacking into the DNC servers in the run-up to the 2016 US election. Now, as the subject of MITRE's latest ATT&CK Evaluation, the group is in focus again. The Dukes are familiar to F-Secure's Artturi Lehtio, who extensively researched them in 2015. But hindsight is 20/20, and Artturi joins the show to discuss how his views on the group have changed since his research.
Also in this episode: How APT groups behave after being burned and why the Dukes are different; why calling them a single organization is too strong; and why published APT research has generally dwindled in recent years.
Links:
The Dukes: 7 Years of Russian Cyberespionage - F-Secure whitepaper
MITRE ATT&CK Evaluation: APT29
No Easy Breach by Matthew Dunwoody & Nick Carr - DerbyCon 2016