1. August 2021

This article has been indexed from E Hacking News – Latest Hacker News and IT Security News

A year ago, the United Kingdom, the USA, and Canada released a coordinated advisory, during the global pandemic, revealing a Russian espionage campaign targeting the vaccination research efforts of COVID-19 in their respective country. 

They have credited the operation to APT29 of Russia (The Dukes, Yttrium, and Cozy Bear) and have expressly designated it as a branch for the Foreign Intelligence Services of Russia (SVR). For the very first time, they officially connected the malware employed in the campaign with APT29 to WellMess and WellMail. 

RiskIQ has provided full information of the 30 servers which Russia’s SVR-spy agency (aka APT29) has indeed been expected to utilize in its continued attempts to steal Western intellectual property. 

RiskIQ is a leading provider of Internet security information that provides the most comprehensive identification, intelligence, and mitigation of threats linked to the web presence of a company. RiskIQ offers businesses to have unified insight and control over Web, social and mobile exposures with over 75% of threats that originate outside firewalls. 

In 2018, the CERT in Japan recognized WellMess without mentioning targeting or involving a particular threat actor. Following the 2020 report by the Western Governments, RiskIQ’s Team Atlas extended the campaign’s familiar attacker footprint and identified more than a dozen additional control servers.