NSA Teams with NCSC, CSE, DHS CISA to Expose Russian Intelligence Services Targeting COVID-19 Researchers

In response to Russian Intelligence Services targeting COVID-19 research and vaccine development in the United States, United Kingdom and Canada, the National Security Agency, National Cyber Security Center,  Communications Security Establishment  and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency released a joint cybersecurity advisory to expose the malicious activity by the group publicly known as “APT29,” “CozyBear” or “The Dukes.” APT29 uses a variety of tools and techniques to predominantly target governmental, diplomatic, think-tank, healthcare and energy targets for intelligence gain.

The advisory details how the Russian Intelligence Service group targeted organizations involved in COVID-19 vaccine development in the United States, Canada and the United Kingdom, likely to steal information and intellectual property relating to the development and testing of COVID-19 vaccines. The report shares APT29’s tactics, techniques and procedures (TTPs) with network defenders as well as indicators of compromise (IOCs). The advisory also highlights malware commonly used by APT29 that has not previously been linked to the group.

System owners and administrators are encouraged to follow the mitigation steps in the advisory to reduce risk of being compromised by this actor.

Read more at NSA

Homeland Security Today

The Government Technology & Services Coalition's Homeland Security Today (HSToday) is the premier news and information resource for the homeland security community, dedicated to elevating the discussions and insights that can support a safe and secure nation. A non-profit magazine and media platform, HSToday provides readers with the whole story, placing facts and comments in context to inform debate and drive realistic solutions to some of the nation’s most vexing security challenges.

See Full Bio