National Cyber Security Centre
Printable version

UK and allies expose Russian attacks on coronavirus vaccine development

Joint advisory details APT29’s ongoing campaign to target organisations involved in COVID-19 vaccine development.

An image illustrating a warning sign on a laptop screen.

RUSSIAN cyber actors are targeting organisations involved in coronavirus vaccine development, UK security officials have revealed.

The National Cyber Security Centre (NCSC) has published an advisory today, detailing activity of the threat group known as APT29, which has exploited organisations globally.

The NCSC assesses that APT29, also named “the Dukes” or “Cozy Bear” almost certainly operate as part of Russian intelligence services. This assessment is also supported by partners at the Canadian Communication Security Establishment (CSE), the US Department for Homeland Security (DHS) Cybersecurity Infrastructure Security Agency (CISA) and the National Security Agency (NSA).

APT29’s campaign of malicious activity is ongoing, predominantly against government, diplomatic, think-tank, healthcare and energy targets to steal valuable intellectual property.

NCSC Director of Operations, Paul Chichester, yesterday said:

“We condemn these despicable attacks against those doing vital work to combat the coronavirus pandemic.

“Working with our allies, the NCSC is committed to protecting our most critical assets and our top priority at this time is to protect the health sector.

“We would urge organisations to familiarise themselves with the advice we have published to help defend their networks.”

The NCSC has previously warned that APT groups have been targeting organisations involved in both national and international COVID-19 responses.

Known targets of APT29 include UK, US and Canadian vaccine research and development organisations. The group uses a variety of tools and techniques, including spear-phishing and custom malware known as “WellMess” and “WellMail”.

You can read the full assessment here.


Channel website:

Original article link:

Share this article

Latest News from
National Cyber Security Centre