This week, the NCSC exposed an ongoing campaign of malicious activity targeting coronavirus vaccine research and development globally.
The UK, supported by the US and Canada, revealed that the threat group, APT29, has exploited organisations involved in the response to the pandemic. The NCSC assesses that APT29, also named “the Dukes” or “Cozy Bear”, almost certainly operate as part of Russian intelligence services.
The group uses a variety of tools and techniques to target organisations and steal valuable information, using custom malware known as ‘WellMess’ and ‘WellMail’.
WellMess and WellMail have not previously been publicly associated with APT29.
The full advisory is available to download from the NCSC website.