Cyber Resilience


APT29 · G0016 · state

🇷🇺 RU · SVR

aka APT29, IRON RITUAL, IRON HEMLOCK, NobleBaron, Dark Halo, NOBELIUM, UNC2452, YTTRIUM, The Dukes, Cozy Bear, CozyDuke, SolarStorm, Blue Kitsune, UNC3524, Midnight Blizzard, Group 100, Minidionis, SeaDuke, Grizzly Steppe, G0016, ATK7, Cloaked Ursa, TA421, ITG11, BlueBravo, UAC-0029

Last updated: 2026-07-03

3 attributed CVEs
96 ATT&CK techniques
9.1 IDF score (tooling uniqueness)
1 exclusive CVEs
2010–2026 years active

About this actor

[APT29](https://attack.mitre.org/groups/G0016) is a threat group that has been attributed to Russia's Foreign Intelligence Service (SVR).(Citation: White House Imposing Costs RU Gov April 2021)(Citation: UK Gov Malign RIS Activity April 2021) They have operated since at least 2008, often targeting government networks in Europe and NATO member countries, research institutes, and think tanks. [APT29](https://attack.mitre.org/groups/G0016) reportedly compromised the Democratic National Committee starting in the summer of 2015.(Citation: F-Secure The Dukes)(Citation: GRIZZLY STEPPE JAR)(Citation: Crowdstrike DNC June 2016)(Citation: UK Gov UK Exposes Russia SolarWinds April 2021) In April 2021, the US and UK governments attributed the [SolarWinds Compromise](https://attack.mitre.org/campaigns/C0024) to the SVR; public statements included citations to [APT29](https://attack.mitre.org/groups/G0016), Cozy Bear, and The Dukes.(Citation: NSA Joint Advisory SVR SolarWinds April 2021)(Citation: UK NSCS Russia SolarWinds April 2021) Industry reporting also referred to the actors involved in this campaign as UNC2452, NOBELIUM, StellarParticle, Dark Halo, and SolarStorm.(Citation: FireEye SUNBURST Backdoor December 2020)(Citation: MSTIC NOBELIUM Mar 2021)(Citation: CrowdStrike SUNSPOT Implant January 2021)(Citation: Volexity SolarWinds)(Citation: Cybersecurity Advisory SVR TTP May 2021)(Citation: Unit 42 SolarStorm December 2020)

Source: MITRE ATT&CK

Activity timeline

Profile

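| CVE | Risk | CVSS | EPSS | Published | Products |
| --- | --- | --- | --- | --- | --- |
| CVE-2010-0232 (KEV) | 10.0 | 7.8 | 0.7656 | 2010-01-21 | see CVE |
| CVE-2020-8554 | 6.0 | 6.3 | 0.3120 | 2021-01-21 | see CVE |
| CVE-2026-20929 | 5.5 | 7.5 | 0.0114 | 2026-01-13 | see CVE |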

Mitigating controls (NIST 800-53)

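| Control | Techniques covered | Coverage |
| --- | --- | --- |
| SI-4 | 63 / 96 | 66% |
| CM-6 | 61 / 96 | 64% |
| AC-3 | 54 / 96 | 56% |
| AC-6 | 51 / 96 | 53% |
| AC-2 | 49 / 96 | 51% |
| CM-2 | 47 / 96 | 49% |
| IA-2 | 41 / 96 | 43% |
| CA-7 | 38 / 96 | 40% |
| CM-7 | 38 / 96 | 40% |
| AC-5 | 36 / 96 | 38% |
| SI-3 | 35 / 96 | 36% |
| SI-7 | 33 / 96 | 34% |
| CM-5 | 32 / 96 | 33% |
| AC-4 | 26 / 96 | 27% |
| SC-7 | 24 / 96 | 25% |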

Co-occurring actors

Similar actors

Similar TTPs

Overlapping CVEs