Russian cyberattacks are targeting organizations involved with COVID-19 research and vaccine development, according to a new joint advisory from the US, UK, and Canadian governments.
Cozy Bear, also known as APT29, is a cyber-espionage group that is "almost certainly" part of Russian intelligence services and uses a range of tools and techniques to target primarily governmental, diplomatic, think-tank, healthcare, and energy organizations, the advisory states.
The group has targeted multiple institutions involved with COVID-19 vaccine development in the US, UK, and Canada throughout 2020, and the advisory assesses it "highly likely" that its goal is to steal data and intellectual property related to vaccine testing and development. APT29 is reportedly using the custom malware families WellMess and WellMail against organizations around the world, including those working on COVID-19 vaccines. Neither malware family had previously been publicly attributed to the group.
The UK's National Cyber Security Centre (NCSC) published the advisory with agreement from Canada's Communications Security Establishment (CSE), the US National Security Agency (NSA), and the DHS Cybersecurity and Infrastructure Security Agency (CISA). CISA also published its own advisory on the threat, which adds the SoreFang malware to the list of APT29 attack tools.
Targeted organizations were not disclosed. Read the full Joint Cybersecurity Advisory via NCSC.