Cyber Resilience

Campaign · all campaigns

Operation GhostC0023 state

🇷🇺 RU · SVR

aka Operation Ghost

Run by APT29

Last updated: 2026-07-03

0attributed CVEs
16ATT&CK techniques
0.0IDF score (tooling uniqueness)
0exclusive CVEs
years active

About this actor

[Operation Ghost](https://attack.mitre.org/campaigns/C0023) was an [APT29](https://attack.mitre.org/groups/G0016) campaign starting in 2013 that included operations against ministries of foreign affairs in Europe and the Washington, D.C. embassy of a European Union country. During [Operation Ghost](https://attack.mitre.org/campaigns/C0023), [APT29](https://attack.mitre.org/groups/G0016) used new families of malware and leveraged web services, steganography, and unique C2 infrastructure for each victim.(Citation: ESET Dukes October 2019)

Source: MITRE ATT&CK

Activity timeline

No activity events recorded.

Profile

CVERiskCVSSEPSSPublishedProducts
No attributed CVEs.

Mitigating controls (NIST 800-53)

ControlTechniques coveredCoverage
CM-69 / 1656%
SI-48 / 1650%
CM-27 / 1644%
CA-76 / 1638%
SI-36 / 1638%
AC-35 / 1631%
SC-75 / 1631%
AC-24 / 1625%
AC-44 / 1625%
AC-64 / 1625%
CM-74 / 1625%
AC-53 / 1619%
CM-53 / 1619%
IA-23 / 1619%
IA-122 / 1612%

Co-occurring actors

None.

Similar actors

Similar TTPs