The National Cyber Security Centre (NCSC) published an advisory detailing the activity of the threat group known as APT29, which “has exploited organizations globally.”
The NCSC assesses that APT29, also named “the Dukes” or “Cozy Bear,” almost certainly operates as part of Russian Intelligence Services. The assessment is supported by partners at the Canadian Communications Security Establishment (CSE), the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA).
UK security officials said in a press release that “APT29’s campaign of malicious activity is ongoing, predominantly against government, diplomatic, think-tank, healthcare and energy targets to steal valuable intellectual property.”
“We condemn these despicable attacks against those doing vital work to combat the coronavirus pandemic,” NCSC Director of Operations, Paul Chichester, said in a statement. “Working with our allies, the NCSC is committed to protecting our most critical assets and our top priority at this time is to protect the health sector. We would urge organizations to familiarize themselves with the advice we have published to help defend their networks.”
The NCSC has previously warned that APT groups have been targeting organizations involved in both national and international COVID-19 responses. It said known targets of APT29 include UK, US and Canadian vaccine research and development organizations.
Western security officials claim the group uses a variety of tools and techniques, including spear-phishing and custom malware known as “WellMess” and “WellMail.”