Russian Cyberattacks Target COVID-19 Research, Vaccine Development
Government agencies in the US, UK, and Canada report Russian group Cozy Bear is targeting organizations developing coronavirus vaccines.
Russian cyberattacks are targeting organizations involved with COVID-19 research and vaccine development, according to a new joint advisory from the US, UK, and Canadian governments.
Cozy Bear, also known as APT29, is a cyber-espionage group "almost certainly" part of Russian intelligence services that uses several tools and techniques to primarily target governmental, diplomatic, think-tank, healthcare, and energy organizations, the advisory states.
The group has targeted multiple institutions involved with COVID-19 vaccine development in the US, UK, and Canada throughout 2020. It's "highly likely" its goal is to steal data and intellectual property related to vaccine testing and development. APT29 is reportedly using WellMess and WellMail custom malware to target organizations around the world, including those working on COVID-19 vaccines. Neither malware has previously been linked to the group.
The UK's National Cyber Security Centre (NCSC) published the advisory with agreement from Canada's Communications Security Establishment (CSE), the US National Security Agency (NSA), and DHS' Cybersecurity and Infrastructure Security Agency (CISA), which published its own advisory for the threat and included Sorefang malware among APT29's attack tools.
Targeted organizations were not disclosed. Read the full Joint Cybersecurity Advisory via NCSC.
Register now for this year's fully virtual Black Hat USA, scheduled to take place August 1–6, and get more information about the event on the Black Hat website. Click for details on conference information and to register.
About the Author(s)
You May Also Like
Why Effective Asset Management is Critical to Enterprise Cybersecurity
May 21, 2024Finding Your Way on the Path to Zero Trust
May 22, 2024Extending Access Management: Securing Access for all Identities, Devices, and Applications
June 4, 2024Assessing Software Supply Chain Risk
June 6, 2024Preventing Attackers From Wandering Through Your Enterprise Infrastructure
June 19, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024