Here's 30 servers Russian intelligence uses to fling malware at the West, beams RiskIQ (Security News, July 2021)

Details of 30 servers thought to be used by Russia's SVR spy agency as part of its ongoing campaigns to steal Western intellectual property were made public today by RiskIQ. Russia's Foreign Intelligence Service "is actively serving malware previously used in espionage campaigns targeting COVID-19 research in the UK, US, and Canada," according to the threat intel firm.
"We were unable to locate any malware which communicated with this infrastructure, but we suspect it is likely similar to previously identified samples."
Previously the SVR was linked to the WellMess malware, seen being deployed against Western medical science institutions in early 2020 as nation states raced to develop effective vaccines against COVID-19.
In revealing these 30 servers' IP addresses and details of their SSL certificates, RiskIQ follows the lead of the US CISA infosec agency, which in April told the world exactly what the SVR was deploying and from where, along with offering avoidance advice.
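Indicators of the kind RiskIQ and CISA published, server IP addresses plus details of the TLS certificates those servers present, are only useful once they are matched against your own telemetry. The block below is an added example of that check, not RiskIQ's, CISA's or any vendor's tooling: every indicator value and every log line in it is constructed (RFC 5737 documentation addresses, made-up fingerprints, a simplified tab-separated record layout), not the real infrastructure the article describes. It matches outbound TLS sessions against both the IP set and the certificate-fingerprint set, so a server that has moved to a new address but kept its certificate is still caught.

```python
"""Match published C2 indicators (server IPs, TLS certificate fingerprints)
against TLS-session log records.

Added example for this article; not RiskIQ/CISA code.  All indicators and
log lines are constructed placeholders, not the SVR servers RiskIQ listed.
"""
import ipaddress
from dataclasses import dataclass
from typing import Iterable, List, Optional, Set, Tuple

# Constructed indicator set in the shape vendor advisories publish them:
# C2 server addresses and SHA-1 fingerprints of the leaf certificates they
# serve.  RFC 5737 ranges and made-up hex; assumption, not real IoCs.
IOC_IPS: Set[str] = {"203.0.113.10", "198.51.100.77"}
IOC_CERT_SHA1: Set[str] = {"a1b2c3d4e5f60718293a4b5c6d7e8f9012345678"}

# Constructed session records in a simplified tab-separated schema:
# ts, src IP, dst IP, dst port, SNI, leaf-cert SHA-1 ("-" when absent).
# Real sensors (Zeek ssl.log/x509.log, Suricata tls events) carry the same
# data under other column names; adapt parse_line() to your schema.
SAMPLE_LOG = (
    "1625580001.123\t10.0.0.5\t203.0.113.10\t443\tupdates.example\t"
    "a1b2c3d4e5f60718293a4b5c6d7e8f9012345678\n"          # IP and cert hit
    "1625580002.456\t10.0.0.7\t192.0.2.1\t443\texample.test\t"
    "0000000000000000000000000000000000000000\n"          # benign session
    "1625580003.789\t10.0.0.9\t192.0.2.55\t8443\t-\t"
    "A1:B2:C3:D4:E5:F6:07:18:29:3A:4B:5C:6D:7E:8F:90:12:34:56:78\n"  # cert only
    "1625580004.000\t10.0.0.5\t198.51.100.77\t80\t-\t-\n"  # IP only, no TLS cert
    "not\ta\tvalid\tline\n"                                # malformed, skipped
)


@dataclass(frozen=True)
class Hit:
    ts: str
    src: str
    dst: str
    dport: int
    reasons: Tuple[str, ...]   # which indicator type(s) matched


def normalize_fp(fp: str) -> str:
    """Vendors publish fingerprints in mixed case, with or without colons."""
    return fp.replace(":", "").strip().lower()


def parse_line(line: str) -> Optional[Tuple[str, str, str, int, str, str]]:
    """Return (ts, src, dst, dport, sni, fp) or None for malformed records."""
    parts = line.rstrip("\n").split("\t")
    if len(parts) != 6:
        return None
    ts, src, dst, dport, sni, fp = parts
    try:
        ipaddress.ip_address(dst)      # reject garbage in the IP column
        port = int(dport)
    except ValueError:
        return None
    return ts, src, dst, port, sni, fp


def match_sessions(log_text: str, ioc_ips: Iterable[str],
                   ioc_cert_sha1: Iterable[str]) -> List[Hit]:
    """Flag sessions whose destination IP or served certificate is on the list."""
    ips = {str(ipaddress.ip_address(i)) for i in ioc_ips}   # canonical form
    fps = {normalize_fp(f) for f in ioc_cert_sha1}
    hits: List[Hit] = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ts, src, dst, dport, _sni, fp = rec
        reasons = []
        if dst in ips:
            reasons.append("ip")
        if fp != "-" and normalize_fp(fp) in fps:
            reasons.append("cert")
        if reasons:
            hits.append(Hit(ts, src, dst, dport, tuple(reasons)))
    return hits


if __name__ == "__main__":
    for h in match_sessions(SAMPLE_LOG, IOC_IPS, IOC_CERT_SHA1):
        print(f"{h.ts} {h.src} -> {h.dst}:{h.dport} matched on {','.join(h.reasons)}")
```

The third sample record is the interesting one: its destination address is not on the IP list, but the certificate it served is, which is why certificate details are worth publishing alongside addresses. RiskIQ itself noted it could not find malware talking to these servers, so treat IP-only hits as leads to pivot on (hosting provider, neighbouring certificates, first-seen dates) rather than as confirmed compromise, and expect address indicators to go stale faster than certificate ones.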
Known to the infosec industry as APT29*, the SVR does not appear to have slowed down since the well-publicised Biden-Putin summit of June, where the American president nicely asked his Russian counterpart to tone it down a bit.
SVR operations against the West have been fairly brazen, with responses varying from quiet warnings through direct attribution to outright "They won't sodding well stop so we're telling you exactly what the naughty buggers have moved onto now" from a fed-up National Cyber Security Centre in the UK. Just for good measure, the GCHQ offshoot also briefed national newspapers in November that they were countering the SVR's continuing efforts to break into British research institutions, hinting they were deploying a form of encryption malware against the Russians.