MITRE’s ATT&CK™ Evaluations program will assess commercial cybersecurity products based on techniques used by APT29/Cozy Bear/The Dukes. The selection of vendors for evaluation is subject to MITRE’s sole discretion. The evaluations use the ATT&CK framework, a MITRE-developed knowledge base of adversary tactics, techniques, and procedures that is based on published threat reporting. “Many security vendors have begun using ATT&CK to describe how their product capabilities detect known adversary behaviors,” said Gary Gagnon, MITRE vice president for cybersecurity strategy and chief security officer. “MITRE chose APT29 as the adversary to emulate for the second round because it complements our APT3 emulations and offers a new perspective on ATT&CK coverage,” said Frank Duff, MITRE’s lead engineer for the evaluations program. The selection of vendors for evaluation is subject to MITRE’s sole discretion.