How the Russian hacking group Cozy Bear, suspected in the SolarWinds breach, plays the long game
The SolarWinds breach has thrown US government agencies and thousands of companies into a frenzy, trying to determine which agencies were hacked and what information was accessed. The culprit may have been one of the most high-profile and persistent hacking groups, the Russian government-backed APT29, referred to as Cozy Bear. Cyberintelligence firms have been cautious in attributing the espionage campaign to any one entity; however, there are undeniable similarities between Cozy Bear’s known techniques and the SolarWinds breach.
The group is linked to Russia’s intelligence service, the SVR. Cozy Bear is known in the cybersecurity industry for conducting prolonged efforts and never backing out of espionage operations, even after being discovered. According to researchers, Cozy Bear has, in the past, jumped through hoops to conceal its activities, allowing it to run years-long operations. Rather than one cohesive identity, Cozy Bear is thought to be made up of several networks of hackers working together. Although the US government has not formally identified the group behind the devastating breach, the connections have led cybersecurity experts to blame APT29.