APT29: Known by Many Names

A highly sophisticated and exceptionally persistent cyber threat actor, known across the cybersecurity landscape by a multitude of names, poses a significant and ongoing risk to organizations worldwide. This group is widely assessed to be a state-sponsored entity operating under the direction of Russian intelligence services. Their primary objective is extensive espionage and intelligence gathering, relentlessly targeting national governments, diplomatic entities, think tanks, non-governmental organizations, and even private sector businesses, particularly those involved in critical areas like energy and technology.

What sets this actor apart is their advanced toolkit and adaptive methodology. They are notorious for executing complex campaigns, including highly impactful supply chain attacks like the one involving SolarWinds, which allowed them to compromise thousands of organizations globally. Beyond supply chain compromises, they frequently employ cunning spear-phishing campaigns, leveraging current events or seemingly legitimate communications to gain initial access. They are also quick to exploit newly discovered software vulnerabilities.

The diversity in their naming across the industry – from Cozy Bear and Nobelium to The Dukes and others – reflects the extensive tracking and analysis dedicated to their activities. Despite the different monikers, the underlying threat remains constant: a highly skilled group capable of maintaining long-term access within victim networks, exfiltrating sensitive data, and adapting their tactics, techniques, and procedures (TTPs) to evade detection. Staying informed about their evolving methods and strengthening defenses against their known TTPs is crucial for protecting critical information and infrastructure in the face of this formidable and continuous threat.

Source: https://go.theregister.com/feed/www.theregister.com/2025/06/03/microsoft_crowdstrike_cybercrew_naming_clarity/
