Campaign · all campaigns
Operation GhostC0023 state
🇷🇺 RU · SVR
aka Operation Ghost
Run by APT29
Last updated: 2026-07-03
0attributed CVEs
16ATT&CK techniques
0.0IDF score (tooling uniqueness)
0exclusive CVEs
—years active
About this actor
[Operation Ghost](https://attack.mitre.org/campaigns/C0023) was an [APT29](https://attack.mitre.org/groups/G0016) campaign starting in 2013 that included operations against ministries of foreign affairs in Europe and the Washington, D.C. embassy of a European Union country. During [Operation Ghost](https://attack.mitre.org/campaigns/C0023), [APT29](https://attack.mitre.org/groups/G0016) used new families of malware and leveraged web services, steganography, and unique C2 infrastructure for each victim.(Citation: ESET Dukes October 2019)
Source: MITRE ATT&CK
Activity timeline
No activity events recorded.
Profile
| CVE | Risk | CVSS | EPSS | Published | Products |
|---|---|---|---|---|---|
| No attributed CVEs. | |||||
Mitigating controls (NIST 800-53)
| Control | Techniques covered | Coverage |
|---|---|---|
CM-6 | 9 / 16 | 56% |
SI-4 | 8 / 16 | 50% |
CM-2 | 7 / 16 | 44% |
CA-7 | 6 / 16 | 38% |
SI-3 | 6 / 16 | 38% |
AC-3 | 5 / 16 | 31% |
SC-7 | 5 / 16 | 31% |
AC-2 | 4 / 16 | 25% |
AC-4 | 4 / 16 | 25% |
AC-6 | 4 / 16 | 25% |
CM-7 | 4 / 16 | 25% |
AC-5 | 3 / 16 | 19% |
CM-5 | 3 / 16 | 19% |
IA-2 | 3 / 16 | 19% |
IA-12 | 2 / 16 | 12% |
Co-occurring actors
None.
Similar actors
Similar TTPs
- Cleaver 0.18
- POLONIUM 0.17
- C0010 0.15
- Outer Space 0.15
- HEXANE 0.15
Same nation-state
Same category
- Night Dragon 1.00
- FunnyDream 1.00
- C0011 1.00
- Operation Wocao 1.00
- Operation Dream Job 1.00