Besides the drop in Ryuk, we saw a continuing decline in commodity trojans such as Trickbot and Emotet, as ransomware adversaries rely more on open-source tools, the Cobalt Strike framework, and a combination of various living-off-the-land tools and utilities, or “LoLBins."
A 2015 report by F-Secure describe APT29 as: 'The Dukes are a well-resourced, highly dedicated and organized cyberespionage group that we believe has been working for the Russian Federation since at least 2008 to collect intelligence in support of foreign and security policy decision-making.