RandomGuy
05-25-2017, 12:32 PM
Whitepaper by F-Secure.
Good open-source background material outlining Russian state capabilities. (see link to paper below)
Today we release a new whitepaper on an APT group commonly referred to as “the Dukes”. We believe that the Dukes are a well-resourced, highly dedicated, and organized cyber-espionage group that has been working for the Russian government since at least 2008 to collect intelligence in support of foreign and security policy decision-making.
The Dukes (sometimes also referred to as APT29) are known to employ a wide arsenal of malware toolsets including MiniDuke, CosmicDuke, OnionDuke, CozyDuke, SeaDuke, CloudDuke (aka MiniDionis), and HammerDuke (aka HAMMERTOSS [PDF]).
Despite the extensive technical research by us and others into many of the toolsets of the Dukes, we felt that we were still missing crucial parts of the story. Meanwhile, others had envisioned how the story might look, but had concluded that “it is difficult to lead the defense against that which one is not aware of or does not comprehend.” (Maldre, 2015)
With this in mind, we recently set out on a journey back through all of our previous research on the Dukes looking for clues and threads that we might have missed or whose importance we might not have understood at the time. Through this process, we were able to uncover clues pointing to the existence of two previously unidentified Duke malware toolsets, PinchDuke and GeminiDuke.
Blog here:
https://labsblog.f-secure.com/2015/09/17/the-dukes-7-years-of-russian-cyber-espionage/
pdf:
https://www.f-secure.com/documents/996508/1030745/dukes_whitepaper.pdf
Good open-source background material outlining Russian state capabilities. (see link to paper below)
Today we release a new whitepaper on an APT group commonly referred to as “the Dukes”. We believe that the Dukes are a well-resourced, highly dedicated, and organized cyber-espionage group that has been working for the Russian government since at least 2008 to collect intelligence in support of foreign and security policy decision-making.
The Dukes (sometimes also referred to as APT29) are known to employ a wide arsenal of malware toolsets including MiniDuke, CosmicDuke, OnionDuke, CozyDuke, SeaDuke, CloudDuke (aka MiniDionis), and HammerDuke (aka HAMMERTOSS [PDF]).
Despite the extensive technical research by us and others into many of the toolsets of the Dukes, we felt that we were still missing crucial parts of the story. Meanwhile, others had envisioned how the story might look, but had concluded that “it is difficult to lead the defense against that which one is not aware of or does not comprehend.” (Maldre, 2015)
With this in mind, we recently set out on a journey back through all of our previous research on the Dukes looking for clues and threads that we might have missed or whose importance we might not have understood at the time. Through this process, we were able to uncover clues pointing to the existence of two previously unidentified Duke malware toolsets, PinchDuke and GeminiDuke.
Blog here:
https://labsblog.f-secure.com/2015/09/17/the-dukes-7-years-of-russian-cyber-espionage/
pdf:
https://www.f-secure.com/documents/996508/1030745/dukes_whitepaper.pdf