Preview Mode Links will not work in preview mode

To ancients of the north, the steam rising from the hot stones of a sauna was akin to the very life force of man. To this day, deals are struck and decisions made in saunas, where movers and shakers gather to exchange ideas.

We invite you to Cyber Security Sauna (#CyberSauna), the podcast for sweating out the hot topics in security. We bring you expert guests with sizzling insight into the latest information security trends and topics. WithSecure's self-proclaimed "cyber translator" Janne Kauhanen hosts the show to make sure you know all you need to about the hotter-than-ever infosec game.

May 6, 2020

APT29, aka Cozy Bear or the Dukes, is a cyber espionage group whose misdeeds include famously hacking into the DNC servers in the run-up to the 2016 US election. Now, as the subject of MITRE's latest ATT&CK Evaluation, the group is in focus again. The Dukes are familiar to F-Secure's Artturi Lehtio, who extensively researched them in 2015. But hindsight is 20/20, and Artturi joins the show to discuss how his views on the group have changed since his research. 

Also in this episode: How APT groups behave after being burned and why the Dukes are different; why calling them a single organization is too strong; and why published APT research has generally dwindled in recent years.

Links:

Episode 39 transcript

The Dukes: 7 Years of Russian Cyberespionage - F-Secure whitepaper

MITRE ATT&CK Evaluation: APT29

Operation Ghost - ESET

No Easy Breach by Matthew Dunwoody & Nick Carr - DerbyCon 2016

Dukes activity after their "return" in 2016 - Volexity