In response to Russian Intelligence Services targeting COVID-19 research and vaccine development in the United States, United Kingdom and Canada, the National Security Agency, National Cyber Security Centre, Communications Security Establishment and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency released a joint cybersecurity advisory to publicly expose the malicious activity by the group known as “APT29,” “CozyBear” or “The Dukes.” APT29 uses a variety of tools and techniques and predominantly targets governmental, diplomatic, think-tank, healthcare and energy organizations for intelligence gain.
The advisory details how the Russian Intelligence Service group targeted organizations involved in COVID-19 vaccine development in the United States, Canada and the United Kingdom, likely to steal information and intellectual property relating to the development and testing of COVID-19 vaccines. The report shares APT29’s tactics, techniques and procedures (TTPs) with network defenders as well as indicators of compromise (IOCs). The advisory also highlights malware commonly used by APT29 that has not previously been linked to the group.
System owners and administrators are encouraged to follow the mitigation steps in the advisory to reduce the risk of being compromised by this actor.