
Threat Actor Profile Overview

Midnight Blizzard, also known as APT29, is a threat actor group suspected to be attributed to the Russian Foreign Intelligence Service (SVR). According to Kaspersky, Midnight Blizzard operations first emerged in 2008, when the first MiniDuke malware samples were compiled. APT29 employs a wide variety of advanced techniques in its cyber operations in support of the SVR’s intelligence requirements.

Midnight Blizzard has been suspected of being involved in several high-profile attempted intrusions and compromises, including the Office Monkeys campaign in 2014, which targeted a Washington D.C.-based private research institute; the Pentagon in 2015; the Democratic National Committee (DNC) and US think tanks in 2016; and the Norwegian Government and several Dutch ministries in 2017. The group has also targeted organisations within the education sector that are affiliated with medical research. It is highly likely that the group targets such institutions for espionage purposes, in order to exfiltrate data relating to Western medical advances.

Midnight Blizzard uses a wide range of bespoke tools developed in a variety of programming languages, which demonstrates the resources at its disposal. The group also utilises publicly available commodity tools such as Mimikatz and Cobalt Strike.

The Quorum Cyber Threat Intelligence team provides threat actor profiles so that you can better understand cybercriminals’ tactics, techniques, and procedures (TTPs).
