Chinese APT Analysis “APT30”


APT30 is a Chinese based, well organized, state sanctioned Cyber Espionage operation. The group is most notably known for its decade long use of the same sets of tools and tactics. The group’s main objective is the acquisition of private government information relating to socio and geo-political influence as conducted through long duration cyber espionage campaigns. APT30’s targets predominantly consist of organizations that satisfy its own governmental requirements for intelligence gathering. Some of the earliest domain registrations and malware compilation times date as far back as 2004 with its associated use of C2 server domains dating back to 2005. Continue reading

Russian APT Analysis “APT29, aka, The Dukes”


APT29, The Dukes, a term coined by security researchers at Kaspersky Labs, are a well funded, highly resourceful and dedicated group of organized cyber espionage hackers that have been linked to the Russian Federation dating back as far as 2008. Their primary mission traditionally has been to perform intelligence gathering in an effort to support Russian foreign and security policies. The Dukes have access to a vast arsenal of malware toolsets, which have been identified as OnionDuke, CosmicDuke, MiniDuke, GeminiDuke, HammerDuke, PinchDuke, SeaDuke, and CloudDuke to name a few.

Continue reading