<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic APT29 targets COVID-19 vaccine development in Tech Talk</title>
    <link>https://community.isc2.org/t5/Tech-Talk/APT29-targets-COVID-19-vaccine-development/m-p/37350#M2854</link>
    <description>&lt;P&gt;&lt;A href="https://www.ncsc.gov.uk/files/Advisory-APT29-targets-COVID-19-vaccine-development.pdf" target="_blank" rel="noopener"&gt;This report&lt;/A&gt; details recent Tactics, Techniques and Procedures (TTPs) of the group commonly known as ‘APT29’, also known as ‘the Dukes’ or ‘Cozy Bear’.&lt;/P&gt;&lt;P&gt;This report provides indicators of compromise as well as detection and mitigation advice.&lt;/P&gt;&lt;P&gt;The United Kingdom’s National Cyber Security Centre (NCSC) and Canada’s Communications Security Establishment (CSE) assess that APT29 (also known as ‘the Dukes’ or ‘Cozy Bear’) is a cyber espionage group, almost certainly part of the Russian intelligence services. The United States’ National Security Agency (NSA) agrees with this attribution and the details provided in this report.&lt;/P&gt;&lt;P&gt;The United States’ Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (DHS CISA) endorses the technical detail and mitigation advice provided in this advisory.&lt;/P&gt;&lt;P&gt;The group uses a variety of tools and techniques to predominantly target governmental, diplomatic, think-tank, healthcare and energy targets for intelligence gain.&lt;/P&gt;&lt;P&gt;Throughout 2020, APT29 has targeted various organisations involved in COVID-19 vaccine development in Canada, the United States and the United Kingdom, highly likely with the intention of stealing information and intellectual property relating to the development and testing of COVID-19 vaccines.&lt;/P&gt;&lt;P&gt;APT29 is using custom malware known as ‘WellMess’ and ‘WellMail’ to target a number of organisations globally. This includes those organisations involved with COVID-19 vaccine development. WellMess and WellMail have not previously been publicly associated with APT29.&lt;/P&gt;</description>
    <pubDate>Thu, 16 Jul 2020 13:22:22 GMT</pubDate>
    <dc:creator>leroux</dc:creator>
    <dc:date>2020-07-16T13:22:22Z</dc:date>
    <item>
      <title>APT29 targets COVID-19 vaccine development</title>
      <link>https://community.isc2.org/t5/Tech-Talk/APT29-targets-COVID-19-vaccine-development/m-p/37350#M2854</link>
      <description>&lt;P&gt;&lt;A href="https://www.ncsc.gov.uk/files/Advisory-APT29-targets-COVID-19-vaccine-development.pdf" target="_blank" rel="noopener"&gt;This report&lt;/A&gt; details recent Tactics, Techniques and Procedures (TTPs) of the group commonly known as ‘APT29’, also known as ‘the Dukes’ or ‘Cozy Bear’.&lt;/P&gt;&lt;P&gt;This report provides indicators of compromise as well as detection and mitigation advice.&lt;/P&gt;&lt;P&gt;The United Kingdom’s National Cyber Security Centre (NCSC) and Canada’s Communications Security Establishment (CSE) assess that APT29 (also known as ‘the Dukes’ or ‘Cozy Bear’) is a cyber espionage group, almost certainly part of the Russian intelligence services. The United States’ National Security Agency (NSA) agrees with this attribution and the details provided in this report.&lt;/P&gt;&lt;P&gt;The United States’ Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (DHS CISA) endorses the technical detail and mitigation advice provided in this advisory.&lt;/P&gt;&lt;P&gt;The group uses a variety of tools and techniques to predominantly target governmental, diplomatic, think-tank, healthcare and energy targets for intelligence gain.&lt;/P&gt;&lt;P&gt;Throughout 2020, APT29 has targeted various organisations involved in COVID-19 vaccine development in Canada, the United States and the United Kingdom, highly likely with the intention of stealing information and intellectual property relating to the development and testing of COVID-19 vaccines.&lt;/P&gt;&lt;P&gt;APT29 is using custom malware known as ‘WellMess’ and ‘WellMail’ to target a number of organisations globally. This includes those organisations involved with COVID-19 vaccine development. WellMess and WellMail have not previously been publicly associated with APT29.&lt;/P&gt;</description>
      <pubDate>Thu, 16 Jul 2020 13:22:22 GMT</pubDate>
      <guid>https://community.isc2.org/t5/Tech-Talk/APT29-targets-COVID-19-vaccine-development/m-p/37350#M2854</guid>
      <dc:creator>leroux</dc:creator>
      <dc:date>2020-07-16T13:22:22Z</dc:date>
    </item>
  </channel>
</rss>

