APT29 · G0016 · state
🇷🇺 RU · SVR
aka APT29, IRON RITUAL, IRON HEMLOCK, NobleBaron, Dark Halo, NOBELIUM, UNC2452, YTTRIUM, The Dukes, Cozy Bear, CozyDuke, SolarStorm, Blue Kitsune, UNC3524, Midnight Blizzard, Group 100, Minidionis, SeaDuke, Grizzly Steppe, G0016, ATK7, Cloaked Ursa, TA421, ITG11, BlueBravo, UAC-0029
Last updated: 2026-07-03
About this actor
[APT29](https://attack.mitre.org/groups/G0016) is a threat group that has been attributed to Russia's Foreign Intelligence Service (SVR).(Citation: White House Imposing Costs RU Gov April 2021)(Citation: UK Gov Malign RIS Activity April 2021) They have operated since at least 2008, often targeting government networks in Europe and NATO member countries, research institutes, and think tanks. [APT29](https://attack.mitre.org/groups/G0016) reportedly compromised the Democratic National Committee starting in the summer of 2015.(Citation: F-Secure The Dukes)(Citation: GRIZZLY STEPPE JAR)(Citation: Crowdstrike DNC June 2016)(Citation: UK Gov UK Exposes Russia SolarWinds April 2021) In April 2021, the US and UK governments attributed the [SolarWinds Compromise](https://attack.mitre.org/campaigns/C0024) to the SVR; public statements included citations to [APT29](https://attack.mitre.org/groups/G0016), Cozy Bear, and The Dukes.(Citation: NSA Joint Advisory SVR SolarWinds April 2021)(Citation: UK NSCS Russia SolarWinds April 2021) Industry reporting also referred to the actors involved in this campaign as UNC2452, NOBELIUM, StellarParticle, Dark Halo, and SolarStorm.(Citation: FireEye SUNBURST Backdoor December 2020)(Citation: MSTIC NOBELIUM Mar 2021)(Citation: CrowdStrike SUNSPOT Implant January 2021)(Citation: Volexity SolarWinds)(Citation: Cybersecurity Advisory SVR TTP May 2021)(Citation: Unit 42 SolarStorm December 2020)
Source: MITRE ATT&CK
Activity timeline
- 2026 — 1 CVE published
- 2022 — 1 KEV added
- 2021 — 1 CVE published
- 2010 — 1 CVE published
Profile
| CVE | Risk | CVSS | EPSS | Published | Products |
|---|---|---|---|---|---|
| CVE-2010-0232 KEV | 10.0 | 7.8 | 0.7656 | 2010-01-21 | see CVE |
| CVE-2020-8554 | 6.0 | 6.3 | 0.3120 | 2021-01-21 | see CVE |
| CVE-2026-20929 | 5.5 | 7.5 | 0.0114 | 2026-01-13 | see CVE |
T1003, T1003.002, T1003.004, T1005, T1016, T1016.001, T1021, T1021.007, T1027, T1027.001, T1027.002, T1027.006, T1036, T1036.005, T1037, T1037.004, T1047, T1053, T1053.005, T1059, T1059.001, T1059.006, T1059.009, T1068, T1070, T1070.004, T1070.006, T1078, T1078.003, T1078.004, T1087, T1087.004, T1090, T1090.002, T1090.003, T1090.004, T1098, T1098.002, T1098.005, T1105, T1110, T1110.001, T1110.003, T1114, T1114.002, T1133, T1136, T1136.003, T1190, T1199, T1203, T1204, T1204.001, T1204.002, T1218, T1218.005, T1505, T1505.003, T1528, T1546, T1546.003, T1546.008, T1547, T1547.001, T1548, T1548.002, T1550, T1550.003, T1553, T1553.005, T1556, T1556.007, T1566, T1566.001, T1566.002, T1566.003, T1568, T1573, T1583, T1583.006, T1586, T1586.002, T1586.003, T1587, T1587.001, T1587.003, T1588, T1588.002, T1595, T1595.002, T1621, T1649, T1651, T1665, T1685, T1685.002
Mitigating controls (NIST 800-53)
| Control | Techniques covered | Coverage |
|---|---|---|
| SI-4 | 63 / 96 | 66% |
| CM-6 | 61 / 96 | 64% |
| AC-3 | 54 / 96 | 56% |
| AC-6 | 51 / 96 | 53% |
| AC-2 | 49 / 96 | 51% |
| CM-2 | 47 / 96 | 49% |
| IA-2 | 41 / 96 | 43% |
| CA-7 | 38 / 96 | 40% |
| CM-7 | 38 / 96 | 40% |
| AC-5 | 36 / 96 | 38% |
| SI-3 | 35 / 96 | 36% |
| SI-7 | 33 / 96 | 34% |
| CM-5 | 32 / 96 | 33% |
| AC-4 | 26 / 96 | 27% |
| SC-7 | 24 / 96 | 25% |
Co-occurring actors
- SolarWinds Compromise 2 shared CVEs
- Mustang Panda 1 shared CVEs
- APT38 1 shared CVEs
- Tonto Team 1 shared CVEs
- Ember Bear 1 shared CVEs
- GOLD SOUTHFIELD 1 shared CVEs
- Aquatic Panda 1 shared CVEs
- APT28 1 shared CVEs
- Sandworm Team 1 shared CVEs
- Ajax Security Team 1 shared CVEs
Similar actors
Similar TTPs
- APT28 0.31
- Magic Hound 0.29
- Dragonfly 0.28
- OilRig 0.27
- TA2541 0.27
Overlapping CVEs
- SolarWinds Compromise 0.67
- C0027 0.33
- APT12 0.33
- APT28 0.33
- FIN7 0.33
Active in same years
- Threat Group-3390 3.00
- Sandworm Team 3.00
- SolarWinds Compromise 2.00
- SharePoint ToolShell Exploitation 2.00
- Naikon 2.00
Same nation-state
Same category
- Night Dragon 1.00
- FunnyDream 1.00
- C0011 1.00
- Operation Wocao 1.00
- Operation Dream Job 1.00