ABSTRACT

Advisory: APT29 Targets COVID-19 Vaccine Development

From the Introduction: "The United Kingdom's National Cyber Security Centre (NCSC) and Canada's Communications Security Establishment (CSE) assess that APT29 (also known as 'the Dukes' or 'Cozy Bear') is a cyber espionage group, almost certainly part of the Russian intelligence services. The United States' National Security Agency (NSA) agrees with this attribution and the details provided in this report. The United States' Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (DHS CISA) endorses the technical detail and mitigation advice provided in this advisory. The group uses a variety of tools and techniques to predominantly target governmental, diplomatic, think-tank, healthcare and energy targets for intelligence gain. Throughout 2020, APT29 has targeted various organisations involved in COVID-19 [coronavirus disease 2019] vaccine development in Canada, the United States and the United Kingdom, highly likely with the intention of stealing information and intellectual property relating to the development and testing of COVID-19 vaccines. APT29 is using custom malware known as 'WellMess' and 'WellMail' to target a number of organisations globally. This includes those organisations involved with COVID-19 vaccine development. WellMess and WellMail have not previously been publicly associated to APT29."

Report Number:
Version 1.0
Publisher:
Date:
2020-07-16
Series:
Copyright:
2020 Crown Copyright. Posted here with permission. Documents are for personal use only and not for commercial profit.
Retrieved From:
U.S. Department of Defense: https://www.defense.gov/
Format:
pdf
Media Type:
application/pdf
URL: