APT29, also known as Cozy Bear or CozyDuke, are a Russian hacker group believed to be associated with Russian intelligence. Cybersecurity firm CrowdStrike has suggested that it may be associated with the Russian FSB.
They are suspected of being behind the ‘HAMMERTOSS’ remote access tool which uses commonly visited websites like Twitter and GitHub to relay command data.
In August 2015 they were linked to an spear-phishing cyber-attack against the Pentagon email system causing the shut down of the entire Joint Staff unclassified email system and Internet access during the investigation.
In June 2016, they were implicated alongside the hacker group Fancy Bear in the Democratic National Committee cyber attacks.