The alert does not point to any specific new and recent threats or attacks from APT29 (aka Cozy Bear, Dukes, and Yttrium) targeting organizations in these sectors. But it does note the longstanding threat the group has posed to US organizations and the group s use of customized tools to maximize stealth and to move laterally within victim networks. Since at least 2018, the group has shifted from predominantly targeting on-premises assets to targeting cloud-hosted email and other cloud resources, the three agencies say. [SVR] will continue to seek intelligence from US and foreign entities through cyber exploitation, using a range of initial exploitation techniques that vary in sophistication, coupled with stealthy intrusion tradecraft within compromised networks, the alert notes.