Cozy Bear
Russian hacker group
June 28 2024 | Cozy Bear successfully compromised the corporate IT network of TeamViewer SE, a German technology company. The company reported that while the intrusion occurred, user data and its remote desktop software product remained unaffected. |
January 2024 | Microsoft reported a significant cybersecurity breach by Midnight Blizzard (believed to be Cozy Bear), involving unauthorized access to senior leadership and legal/cybersecurity team email accounts through a 'password spray' attack that began in November 2023. |
2023 | Der Spiegel published documents suggesting a connection between Russian IT firm NTC Vulkan and Cozy Bear operations. |
August 24 2022 | Microsoft reported Cozy Bear deployed the 'MagicWeb' tool to bypass user authentication on compromised Active Directory Federation Services servers. |
2021 | Microsoft reported that Cozy Bear was using the 'FoggyWeb' tool to extract authentication tokens from compromised Active Directory instances after obtaining AD administrator credentials. |
July 2021 | Cozy Bear successfully breached the systems of the U.S. Republican National Committee through a compromised third-party IT vendor named Synnex, marking a significant cyber intrusion targeting a major political organization. |
December 20 2020 | Cozy Bear was reported by the U.S. Government to have successfully compromised the networks of the Department of Commerce and Department of the Treasury, marking a significant cyber intrusion into U.S. civilian agencies. |
December 8 2020 | The cybersecurity firm FireEye disclosed that its internal tools had been stolen, revealing a sophisticated cyber intrusion campaign involving the SUNBURST malware supply chain attack targeting the SolarWinds Orion IT management product. |
July 2020 | Five Eyes intelligence agencies (NSA, NCSC, and CSE) reported that Cozy Bear attempted to steal COVID-19 vaccine research data through targeted intrusion campaigns. |
2019 | ESET reported three malware variants (PolyglotDuke, RegDuke, and FatDuke) attributed to Cozy Bear, with improved anti-analysis methods, as part of 'Operation Ghost' intrusion campaigns. |
2014 | Dutch and American intelligence agencies began actively monitoring the Cozy Bear hacking group. |
2010 | Symantec reports that Cozy Bear began compromising diplomatic organizations and national governments internationally. |
The contents of the box above are based on material from the Wikipedia article Cozy Bear, which is released under the Creative Commons Attribution-ShareAlike 4.0 International License.