# [LOW] EasterBunny: advanced espionage artifacts attributed to APT29

**Source:** Lab52
**Published:** 2026-05-06
**Article:** https://lab52.io/blog/easterbunny/

## Threat Profile

During 2019, as part of the results of S2 Grupo’s incident management service, LAB52 gained access to a set of artifacts—and a large amount of evidence collected during the incident—which made it possible to conduct an exhaustive investigation linking the highly sophisticated campaign to APT29.
Starting in November 2025, the information about these artifacts was finally declassified, and the results were compiled into a detailed report that can be downloaded below.
Even today, the campaign still…

## Indicators of Compromise (high-fidelity only)

- _No high-fidelity IOCs in the RSS summary._ If the source publishes a technical write-up with defanged IOCs in the body, those would be picked up automatically on the next pipeline run.

## MITRE ATT&CK Techniques

- _Narrative-keyword inference returned no technique mappings; review article for ATT&CK relevance manually._

## Kill chain phases observed

_(none detected from narrative keywords)_

## Recommended hunts

_No actionable hunts can be derived from the RSS summary alone. The article may still warrant manual review — open the source link for actor attribution, IOCs in the body, and TTP detail._


## Why this matters

Severity classified as **LOW** based on: 0 use case(s) fired, 0 technique(s) inferred. Read the full article for actor attribution, tooling details, and any defanged IOCs in the body that aren't visible in the RSS summary.