APT29 targets COVID-19 vaccine development

July 20, 2020

Russian cyber actors are targeting organizations involved in coronavirus vaccine development, UK security officials have revealed.

The UK National Cyber Security Centre (NCSC) has published an advisory, detailing activity of the threat group known as APT29, which has exploited organizations globally.

The NCSC assesses that APT29, also named “the Dukes” or “Cozy Bear” almost certainly operate as part of Russian intelligence services. This assessment is also supported by partners at the Canadian Communication Security Establishment (CSE), the US Department for Homeland Security (DHS) Cybersecurity Infrastructure Security Agency (CISA) and the National Security Agency (NSA).

APT29’s campaign of malicious activity is ongoing, predominantly against government, diplomatic, think-tank, healthcare and energy targets to steal valuable intellectual property, says the NCSC.

According to the advisory, throughout 2020, APT29 has targeted various organizations involved in COVID-19 vaccine development in Canada, the United States and the United Kingdom, highly likely with the intention of stealing information and intellectual property relating to the development and testing of COVID-19 vaccines. APT29, which uses a variety of tools and techniques such as spear-phishing, is using custom malware known as ‘WellMess’ and ‘WellMail’ to target a number of organizations globally, including those organizations involved with COVID-19 vaccine development. WellMess and WellMail have not previously been publicly associated to APT29, says the NCSC.

NCSC Director of Operations, Paul Chichester, said, “We condemn these despicable attacks against those doing vital work to combat the coronavirus pandemic. Working with our allies, the NCSC is committed to protecting our most critical assets and our top priority at this time is to protect the health sector. We would urge organisations to familiarise themselves with the advice we have published to help defend their networks.”

The NCSC has previously warned that APT groups have been targeting organizations involved in both national and international COVID-19 responses.

You must login or register in order to post a comment.

ON DEMAND: DevSecOps creates an environment of shared responsibility for security, where AppSec and development teams become more collaborative. With the right training and tools, developers can become more hands-on with security and, with that upskilling, stand out among their peers... however, they need the security specialists on-side, factoring them into securing code from the start and championing this mindset across the company.

Join our subject matter experts as they explore how the right systems can help identify, analyze and report potential incidents and help building owners sustain compliance and create safer spaces.

Security Magazine

2020 September

This month in Security magazine, we bring you our 2020 Most Influential People in Security annual report, where we highlight 22 industry leaders, their path to security, careers, goals and guidance for future security professionals. Industry experts discuss the evolution of ransomware, houses of worship security, cybersecurity standards, security careers in investigations and the unifying power of security. Diane Ritchey, past Editor-in-Chief, says goodbye and thank you to our readers.

View More Create Account

APT29 targets COVID-19 vaccine development

Related Articles

Related Events

Report Abusive Comment