APT29 DNC Intrusion

APT29 intrusion into Democratic National Committee networks, operating alongside APT28 in parallel campaigns.

Start date: 1 January 2015
End date:
Techniques: 18

Attributed actors

Techniques (18)

collection (2)
T1114.002 Remote Email Collection
T1560.001 Archive via Utility

command-and-control (2)
T1071.001 Web Protocols
T1090.003 Multi-hop Proxy

credential-access (1)
T1003.001 LSASS Memory

defense-impairment (1)
T1070.001 Clear Windows Event Logs

discovery (2)
T1057 Process Discovery
T1083 File and Directory Discovery

execution (3)
T1059.003 Windows Command Shell
T1059.001 PowerShell
T1053.005 Scheduled Task

exfiltration (1)
T1041 Exfiltration Over C2 Channel

initial-access (3)
T1566.002 Spearphishing Link
T1078 Valid Accounts
T1566.001 Spearphishing Attachment

lateral-movement (1)
T1021.001 Remote Desktop Protocol

persistence (3)
T1078 Valid Accounts
T1547.001 Registry Run Keys / Startup Folder
T1053.005 Scheduled Task

privilege-escalation (3)
T1078 Valid Accounts
T1547.001 Registry Run Keys / Startup Folder
T1053.005 Scheduled Task

stealth (2)
T1078 Valid Accounts
T1070.004 File Deletion

Indicators of compromise

No IOCs linked to this campaign yet.

APT29 DNC Intrusion — Campaign | Fancy Intel