Security news aggregator

Latest coverage for APT29

APT29 is an espionage-focused threat actor associated with Russian intelligence, making its tactics relevant to understanding state-backed cyber risk.

21 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

APT29 is a sophisticated cyber espionage group linked to a nation-state, known for stealthy, long-term intrusions targeting government agencies, think tanks, and research institutions. They employ custom malware, zero-day exploits, and social engineering to gain initial access and maintain persistence, often using legitimate credentials to avoid detection. Their operations focus on intelligence collection rather than immediate disruption or destruction.

Security teams should watch for signs of credential compromise, lateral movement, and covert data exfiltration associated with APT29 activity. Defenses that emphasize multi-factor authentication, network segmentation, and behavioral anomaly detection can reduce risk. Understanding APT29’s tactics, techniques, and procedures (TTPs) enables more effective threat hunting and tailored monitoring to detect and mitigate espionage campaigns early.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 21 Filtered view

Amazon has seized domains used by the Russian APT29 hacking group in targeted attacks against government and military organizations to steal Windows credentials and data using malicious Remote Desktop Protocol connection files. [...]

Poland's Military Counterintelligence Service and its Computer Emergency Response Team have linked APT29 state-sponsored hackers, part of the Russian government's Foreign Intelligence Service (SVR), to widespread attacks targeting NATO and European Union countries. [...]

Loading more headlines...