Security News > 2021 > July > Russia's APT29 Still Actively Delivering Malware Used in COVID-19 Vaccine Spying
The Russian cyberespionage group known as APT29 and Cozy Bear is still actively delivering a piece of malware named WellMess, despite the fact that the malware was exposed and detailed last year by Western governments.
WellMess was attributed to Russia's APT29 in 2020, when the United States, the United Kingdom and Canada said it had been used by Russian hackers in attacks aimed at academic and pharmaceutical research institutions involved in COVID-19 vaccine development.
The WellMess malware has been used in highly targeted attacks, and despite it being exposed by governments and cybersecurity firms, APT29 is apparently still using it in attacks.
RiskIQ, the threat intelligence company acquired recently by Microsoft, discovered more than 30 command and control servers that have been actively used by APT29 to deliver WellMess malware.
While the company is confident that the servers belong to APT29 and they are still actively used to deliver the malware, it does not have enough information to determine how the infrastructure is being used or whom it has been used to target.
"We were unable to locate any malware which communicated with this infrastructure, but we suspect it is likely similar to previously identified samples."