The U.K.’s National Cyber Security Centre (NCSC), Canada’s Communications Security Establishment (CSE), and the National Security Agency (NSA) of the U.S. stated that a cyber espionage group “APT29,” which is linked to Russian intelligence services, is trying to steal information and intellectual property related to the testing and development of Coronavirus vaccines.
In a joint advisory, the agencies stated that the APT29 group, also known as “the Dukes” or “Cozy Bear,” targeted several organizations that are working on COVID-19 vaccine development in Canada, the U.S., and the U.K. The group is using its custom malware, known as WellMess and WellMail, along with other techniques to target government entities, diplomats, think tanks, health care providers, and companies in the energy sector.
“The group frequently uses publicly available exploits to conduct widespread scanning and exploitation against vulnerable systems, likely in an effort to obtain authentication credentials to allow further access. This broad targeting potentially gives the group access to a large number of systems globally, many of which are unlikely to be of immediate intelligence value. The group may maintain a store of stolen credentials in order to access these systems in the event that they become more relevant to their requirements in the future,” the advisory said.
The advisory also highlighted that the APT29 group continues to attack COVID-19 vaccine research and development centers for financial or intellectual gain. The agencies strongly recommended that organizations use robust security measures to defend against cyberthreats.
NCSC and CISA Advisory on COVID-19 Threats
Recently, cybersecurity officials from the NCSC, the U.S. Department of Homeland Security (DHS), and the Cybersecurity and Infrastructure Security Agency (CISA) stated that cybercriminals and advanced persistent threat (APT) groups are targeting individuals and organizations with a variety of ransomware and malware attacks, exploiting the COVID-19 outbreak for their personal gain. The security agencies have released a joint advisory describing the growing number of attackers and other malicious groups in the U.K. and the U.S. The NCSC and CISA stated that they are working with law enforcement and industry experts to prevent COVID-19-related cyber activities. It is said that the NCSC and CISA have observed hackers scanning for vulnerabilities in remote working tools and exploiting the increased use of video conferencing software.