A Russian threat actor group known as APT29 has reportedly been targeting organizations aiding the effort to develop a coronavirus vaccine. According to the UK’s National Cyber Security Centre (NCSC), the hackers were likely operating on behalf of the Russian government or intelligence services, attempting to steal information related to the initiative. The US National Security Agency, the US Department of Homeland Security, and the Cybersecurity and Infrastructure Security Agency all released advisories on the threat.
The group, APT29, is also known to researchers as “the Dukes” or “Cozy Bear.” The hacking group used malware variants called WellMess and WellMail and exploited software flaws to obtain access to vulnerable computer systems, seeking information on COVID-19 relief efforts. The group also used spear-phishing and social engineering to trick individuals associated with the organizations working on a vaccine into giving up sensitive login credentials.
Read More: Coronavirus: Russian hackers target Covid-19 vaccine research