Virus Type: Advanced Persistent Threat (APT)

What is CozyDuke?

CozyDuke (aka CozyBear, CozyCar or "Office Monkeys") is a threat actor that became increasingly active in the second half of 2014 and hit a variety of targets. The group hunts for confidential information stored in the networks of government and commercial entities in several countries.

Who are the victims of these attacks?

This is a highly targeted attack. Kaspersky Lab observed indicators of attacks against government organizations and commercial entities in the US, Germany, South Korea and Uzbekistan. Some of the targets from 2014 include the White House and Department of State in the US.

Am I at risk?

You might be a target of Hellsing if the following risk factors are familiar to you:

Risk factors:

  • If you work for/with governments and/or companies in the US, Germany, South Korea or Uzbekistan
  • If you receive and read hundreds of emails and open attachments
  • If you have received suspicious SFX files inside RAR/ZIP archives or hyperlinks that lead to archive downloads

How do I know if I’m infected?

  • Don’t open attachments and links from unknown persons
  • Regularly scan your PC with an advanced antimalware solution
  • Beware of ZIP archives with SFX files inside
  • If you are unsure about the attachment, try to open it in a sandbox
  • Make sure you have a modern operating system with all patches installed
  • Update all third-party applications such as Microsoft Office, Java, Adobe Flash Player and Adobe Reader
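
The advice to beware of ZIP archives with SFX files inside can be checked before anything is opened. The following is an added example, not part of the original page: it inspects each archive member's content rather than its name. The file names and sample bytes are constructed, and matching on an embedded archive signature is a heuristic assumption, not a full SFX parser.

```python
import io
import struct
import zipfile

# Signatures of archive payloads that an SFX stub carries after its PE image.
ARCHIVE_MAGICS = {b"Rar!\x1a\x07": "RAR", b"PK\x03\x04": "ZIP", b"7z\xbc\xaf\x27\x1c": "7z"}
MAX_READ = 32 * 1024 * 1024  # cap decompressed bytes per member (zip-bomb guard)

def is_pe(data: bytes) -> bool:
    """DOS 'MZ' header whose e_lfanew field (offset 0x3C) points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)
    return data[pe_off:pe_off + 4] == b"PE\0\0"

def classify(data: bytes) -> str:
    """Return 'sfx:<type>', 'executable' or 'other' for one member's bytes."""
    if not is_pe(data):
        return "other"
    for magic, kind in ARCHIVE_MAGICS.items():
        if data.find(magic, 0x40) != -1:  # heuristic: archive marker past the DOS header
            return "sfx:" + kind
    return "executable"

def scan_zip(archive: bytes) -> dict:
    """Map each flagged member name to a verdict; benign members are omitted."""
    verdicts = {}
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            if info.flag_bits & 0x1:  # encrypted: content cannot be inspected
                verdicts[info.filename] = "encrypted"
                continue
            with zf.open(info) as fh:
                verdict = classify(fh.read(MAX_READ))
            if verdict != "other":
                verdicts[info.filename] = verdict
    return verdicts

def build_sample() -> bytes:
    """Constructed test archive: a fake PE stub with a RAR marker, a bare PE, a text file."""
    pe = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40) + b"PE\0\0" + b"\0" * 60
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("video_clip.exe", pe + b"Rar!\x1a\x07\x00" + b"\0" * 16)
        zf.writestr("invoice.pdf", pe)  # executable content behind a document name
        zf.writestr("readme.txt", "hello")
    return buf.getvalue()
```

Calling `scan_zip(build_sample())` flags the SFX-style member and the executable hiding behind a document extension, and leaves the text file out of the result.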