Blue Kitsune

Threat Actor updated 2 months ago (2024-11-29T13:58:01.340Z)
Download STIX
Preview STIX
Blue Kitsune, also known as APT29, Cozy Bear, and the Dukes, is a notable threat actor in the cybersecurity landscape. This entity has been linked to various cyber attacks against government bodies, academia, defense sectors, and non-governmental organizations worldwide, primarily through phishing emails. The group's activities have been tracked since 2015, with their tools and techniques evolving over time to include more sophisticated methods of attack. A key tool associated with Blue Kitsune is the WellMess malware. While it was initially challenging to definitively attribute this backdoor to Blue Kitsune, the National Cyber Security Centre (NCSC) has publicly attributed it to them. The WellMess backdoor shares design similarities with Seaduke, another tool previously used by Blue Kitsune. These correlations provide an interesting insight into the group's modus operandi, although these techniques are not exclusive to them. Despite exposure through open-source reporting, Blue Kitsune has not abandoned the use of the WellMess backdoor. Instead, they have improved its functionality, demonstrating the group's resilience and adaptability. Reports published in collaboration with Canada’s Communications Security Establishment and the US National Security Agency further attribute WellMess to Blue Kitsune, reinforcing the threat this actor poses to global cybersecurity.
Description last updated: 2024-11-15T16:17:31.404Z
Aliases We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Source Document References
Information about the Blue Kitsune Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more