APT29 is linked to Russia’s Foreign Intelligence Service (SVR). The group has been targeting government networks in Europe and NATO member nations, research institutes, and think tanks since at least 2008. APT29 focuses on a single target, launching a first-stage payload that surveys the environment while establishing persistence. The notorious SolarWinds attacks in 2020 were also carried out by this group. In 2014, APT29 attacked commercial and government enterprises in Germany, Uzbekistan, South Korea, and the United States, including the US State Department and the White House.
The group has also attacked many vaccine manufacturers in an attempt to undermine the coronavirus pandemic response. APT29 is also known as Nobelium, Dukes, Cozy Duke, EuroAPT, CozyBear, CozyCar, Office Monkeys, SeaDuke, Hammer Toss, Iron Hemlock, and Grizzly Steppe.