Cozy Bear, more officially classified as Advanced Persistent Threat (APT) group 29, or “APT29,” is a Russia-based hacker group believed to be associated with Russia’s foreign intelligence service. The group is also known under the nicknames Office Monkeys, CozyCar, The Dukes, and CozyDuke.
Kaspersky and CrySyS Lab researchers first reported on the group in July 2013, although malicious activity had been observed before then without being attributed to a single group. As it turns out, APT29 has been actively engaging in cyber espionage activity since 2008, primarily targeting government entities and organizations involved in geopolitical affairs.
Over the past decade, APT29 has maintained its reputation as one of the most sophisticated APT groups out there. The group has launched numerous destructive campaigns that distribute advanced malware to targets worldwide.
Most recently, the widely reported SolarWinds compromise has been attributed to the group.