Virus Type: Advanced Persistent Threat (APT)

What is CozyDuke?

CozyDuke (aka CozyBear, CozyCar or "Office Monkeys") is a threat actor that became increasingly active in the 2nd half of 2014 and hit a variety of targets. The group hunts for confidential information stored in the networks of government and commercial entities in several countries.

Who are the victims of these attacks?

This is a highly targeted attack. Kaspersky Lab observed indicators of attacks against government organizations and commercial entities in the US, Germany, South Korea and Uzbekistan. Some of the targets from 2014 include the White House and Department of State in the US.

Am I at risk?

You might be a target of Hellsing if the following risk factors are familiar to you:

Risk factors:

  • If you work for/with governments and/or companies in the US, Germany, South Korea or Uzbekistan
  • If you receive and read hundreds of emails and open attachments
  • If you have received suspicious SFX files inside RAR/ZIP archives, or hyperlinks that lead to archive downloads

How do I know if I’m infected?

  • Don’t open attachments and links from unknown persons
  • Regularly scan your PC with an advanced antimalware solution
  • Beware of ZIP archives with SFX files inside
  • If you are unsure about the attachment, try to open it in a sandbox
  • Make sure you have a modern operating system with all patches installed
  • Update all third-party applications such as Microsoft Office, Java, Adobe Flash Player and Adobe Reader
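
The advice above to beware of ZIP archives with SFX files inside can be applied as an automated check on incoming attachments. The following Python code is an added example, not Kaspersky Lab code: it flags ZIP members that are Windows executables by their header rather than by file extension, and marks those that also carry a RAR, 7z or ZIP signature as likely self-extracting archives. The function names, the size limit and the sample input are assumptions made for illustration.

```python
import io
import struct
import zipfile

# Signatures of archive data that an SFX stub carries after its PE code.
ARCHIVE_MAGICS = {b"Rar!\x1a\x07": "RAR", b"7z\xbc\xaf\x27\x1c": "7z", b"PK\x03\x04": "ZIP"}
MAX_MEMBER_BYTES = 64 * 1024 * 1024  # assumed limit: do not inflate larger members


def is_pe(data: bytes) -> bool:
    """True if data has an MZ header whose e_lfanew field points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def embedded_archive(data: bytes):
    """Return the type of the first archive signature found past the DOS header."""
    hits = [(data.find(m, 0x40), name) for m, name in ARCHIVE_MAGICS.items()]
    hits = [h for h in hits if h[0] != -1]
    return min(hits)[1] if hits else None


def scan_zip(blob: bytes):
    """Return (member name, verdict) for each executable or unscanned member."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            if info.flag_bits & 0x1 or info.file_size > MAX_MEMBER_BYTES:
                findings.append((info.filename, "not scanned (encrypted or too large)"))
                continue
            data = zf.read(info)
            if is_pe(data):
                kind = embedded_archive(data)
                findings.append((info.filename, f"SFX ({kind})" if kind else "PE executable"))
    return findings


def build_sample() -> bytes:
    """Constructed input: a ZIP with a fake SFX stub and a harmless text file."""
    stub = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40) + b"PE\x00\x00"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("sample_sfx.exe", stub + b"\x00" * 32 + b"Rar!\x1a\x07\x00")
        zf.writestr("notes.txt", "MZ alone does not make a PE file")
    return buf.getvalue()
```

The signature match is a heuristic: a legitimate installer can contain the same bytes, so a hit is a reason to open the file in a sandbox, not a verdict. Members reported as not scanned deserve the same caution, since the check could not look inside them.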
