APT29 targets COVID-19 vaccine development

July 20, 2020

Russian cyber actors are targeting organizations involved in coronavirus vaccine development, UK security officials have revealed.

The UK National Cyber Security Centre (NCSC) has published an advisory, detailing activity of the threat group known as APT29, which has exploited organizations globally.

The NCSC assesses that APT29, also named “the Dukes” or “Cozy Bear” almost certainly operate as part of Russian intelligence services. This assessment is also supported by partners at the Canadian Communication Security Establishment (CSE), the US Department for Homeland Security (DHS) Cybersecurity Infrastructure Security Agency (CISA) and the National Security Agency (NSA).

APT29’s campaign of malicious activity is ongoing, predominantly against government, diplomatic, think-tank, healthcare and energy targets to steal valuable intellectual property, says the NCSC.

According to the advisory, throughout 2020, APT29 has targeted various organizations involved in COVID-19 vaccine development in Canada, the United States and the United Kingdom, highly likely with the intention of stealing information and intellectual property relating to the development and testing of COVID-19 vaccines. APT29, which uses a variety of tools and techniques such as spear-phishing, is using custom malware known as ‘WellMess’ and ‘WellMail’ to target a number of organizations globally, including those organizations involved with COVID-19 vaccine development. WellMess and WellMail have not previously been publicly associated to APT29, says the NCSC.

NCSC Director of Operations, Paul Chichester, said, “We condemn these despicable attacks against those doing vital work to combat the coronavirus pandemic. Working with our allies, the NCSC is committed to protecting our most critical assets and our top priority at this time is to protect the health sector. We would urge organisations to familiarise themselves with the advice we have published to help defend their networks.”

The NCSC has previously warned that APT groups have been targeting organizations involved in both national and international COVID-19 responses.

Pandemics, Recessions and Disasters: Insider Threats During Troubling Times

ON DEMAND: The insider threat—consisting of scores of different types of crimes and incidents—is a scourge even during the best of times. But the chaos, instability and desperation that characterize crises also catalyze both intentional and unwitting insider attacks. Learn how your workers, contractors, volunteers and partners are exploiting the dislocation caused by today's climate of Coronavirus, unemployment, disinformation and social unrest.

Industrial Cybersecurity: What Every Food & Bev Executive Needs to Know

ON DEMAND: There's a lot at stake when it comes to cybersecurity. Reputation, productivity, quality. Join us to discuss the future of your global security strategy and a path forward with trusted partners Cisco and Rockwell Automation, and turn your Food & Bev security challenges into strategic advantages that drive business value.

Poll

Who has ownership or primary responsibility of video surveillance at your enterprise?

View Results

Poll Archive

Products

Effective Security Management, 7th Edition

Effective Security Management, 5e, teaches practicing security professionals how to build their careers by mastering the fundamentals of good management. Charles Sennewald brings a time-tested blend of common sense, wisdom, and humor to this bestselling introduction to workplace dynamics.

See More Products

APT29 targets COVID-19 vaccine development

The latest news and information

Content written for business-minded executives who manage enterprise risk and security

APT29 targets COVID-19 vaccine development

Related Articles

Related Events

The latest news and information

Content written for business-minded executives who manage enterprise risk and security